Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

Similar documents
Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

Data Integrity. Modified by: Dr. Ramzi Saifan

Overview. CSC 580 Cryptography and Computer Security. Hash Function Basics and Terminology. March 28, Cryptographic Hash Functions (Chapter 11)

CSC 580 Cryptography and Computer Security

Cryptographic Hash Functions

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Winter 2011 Josh Benaloh Brian LaMacchia

Cryptography. Summer Term 2010

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Data Integrity & Authentication. Message Authentication Codes (MACs)

CSCE 715: Network Systems Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

Introduction to Cryptography. Lecture 6

Message Authentication Codes and Cryptographic Hash Functions

Fundamentals of Linux Platform Security

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Lecture 1 Applied Cryptography (Part 1)

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

CS408 Cryptography & Internet Security

CS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012

Cryptographic Hash Functions

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

Data Integrity & Authentication. Message Authentication Codes (MACs)

CS-E4320 Cryptography and Data Security Lecture 5: Hash Functions

Network Security Fundamentals

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Hands-On Network Security: Practical Tools & Methods. Hands-On Network Security. Roadmap. Security Training Course

Hands-On Network Security: Practical Tools & Methods

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Jaap van Ginkel Security of Systems and Networks

Cryptographic hash functions and MACs

Lecture 4: Authentication and Hashing

Cryptographic Hash Functions. Secure Software Systems

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.

ENEE 459-C Computer Security. Message authentication

Integrity of messages

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Lecture 4: Hashes and Message Digests,

ECE 646 Lecture 12. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value.

Spring 2010: CS419 Computer Security

P2_L8 - Hashes Page 1

CS 161 Computer Security

Password cracking. IN Ethical Hacking. Bruvoll & Sørby. Department of Informatics 1 / 46

Computer Security Spring Hashes & Macs. Aggelos Kiayias University of Connecticut

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Cryptography MIS

Lecture 1: Course Introduction

Cryptography (Overview)

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Hash functions & MACs

Course Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here

Message authentication codes

Cryptographic Hash Functions. William R. Speirs

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

CIS 4360 Secure Computer Systems Symmetric Cryptography

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

UNIT - IV Cryptographic Hash Function 31.1

Security: Cryptography

EEC-682/782 Computer Networks I

Jaap van Ginkel Security of Systems and Networks

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Unit 8 Review. Secure your network! CS144, Stanford University

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Network and System Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptography and Network Security

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

Passwords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014

H must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls)

Symmetric Crypto MAC. Pierre-Alain Fouque

Keccak discussion. Soham Sadhu. January 9, 2012

CNT4406/5412 Network Security

Computer Security: Hashing

Symmetric Encryption 2: Integrity

The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords

CIT 480: Securing Computer Systems. Hashes and Random Numbers

O/S & Access Control. Aggelos Kiayias - Justin Neumann

Network Security. Cryptographic Hash Functions Add-on. Benjamin s slides are authoritative. Chair for Network Architectures and Services

Lecture 8 Message Authentication. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Betriebssysteme und Sicherheit. Stefan Köpsell, Thorsten Strufe. Modul 5: Mechanismen Integrität

POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG

Goals. Understand UNIX pw system. Understand Lamport s hash and its vulnerabilities. How it works How to attack

COMP4109 : Applied Cryptography

Introduction to Software Security Hash Functions (Chapter 5)

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Basics of Cryptography

Outline. From last time. Feistel cipher. Some DES history DES. Block ciphers and modes of operation

Practical Aspects of Modern Cryptography

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Hashing, One-Time Signatures, and MACs. c Eli Biham - March 21, Hashing, One-Time Signatures, and MACs

Cryptography Functions

Ref:

Access Control. Tom Chothia Computer Security, Lecture 5

Oracle Database Security and Audit. Authentication and authorization

Lecture 3 - Passwords and Authentication

Transcription:

Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5

Today s Lecture Hashes and Message Authentication Codes Properties of Hashes and MACs CBC-MAC, MAC -> HASH (slow), SHA1, SHA2, SHA3 HASH -> MAC, HMAC Password protection Password cracking.

Signatures Alice has a and a signing key Ks and wants to sign message M Signature: D ks (H(M)) Plain Text RSA decrypt with key ks Clear-signed: M,D ks (H(M)) SHA hash

Hashes A hash of any message is a short string generated from that message. The hash of a message is always the same. Any small change makes the hash totally different. It is very hard to go from the hash to the message. It is very unlikely that any two different messages have the same hash.

Uses of Hashing Download/Message verification Tying parts of a message together (hash the whole message) Hash message, then sign the hash. Protect Passwords Store the hash, not the password

Attacks on hashes Preimage Attack: Find a message for a given hash: very hard. Prefix Collision Attack: a collision attack where the attacker can pick a prefix for the message. Collision Attack: Find two random messages with the same hash.

Birthday Paradox How many people do you need to ask before you find 2 that have the same birthday? 23 people, gives (23*22)/2 = 253 pairs. Prob. that two people have a different birthday is: 364/365 (364/365) (23*22/2) = 0.4995

Message Authentication Codes MACs are hashes with a key. Written MAC Key (M) You can only make or check the hash, if you know the key. Stops guessing attacks.

Message Authentication Codes MACs are sometimes used for authentication: E.g. in Alice and Bank share keya, Alice sends to the bank: Pay Bob 10,MAC keya ( Pay Bob 10 ) Possible attack on MAC: Length extension attack add data to a MAC without knowing the key

How can we make a MAC? Must have: A Key Short string from long message. Single bit change in message = totally different hash. Hard to go from the hash to the message. Unlikely that any two different messages have the same hash.

CBC Encryption http://en.wikipedia.org/wiki/block_cipher_modes_of_operation

CBC MAC 0000000000000 MAC Key (M)

An Inefficient Hash Function 0000000000000 0000 0000 0000 #(M)

The SHA Family of Hash The most common (and best) hashes are the SHA hashes. 1993, The US National Institute of Standards and Technology (NIST), developed a new hash SHA-0 1995, the NSA stepped in and fixed it: SHA-1 (160-bit hash).

SHA1 A birthday attack on SHA-1 should need 2^80 hash tests In 2005 a 2^63 attack was found. Not really practical, but no-one trusts SHA-1 any more. So SHA-2

SHA2 SHA2 is an improved version of SHA1 with a longer hash. 256 or 512 bits: also called SHA256, SHA512. Based on SHA-1 it has some of the same weaknesses. So, even though it seems secure the cryptographers aren t happy.

The SHA-3 Competition Submissions opened on October 31, 2008, Round 1 13 submissions rejected without comment. 10 withdrawn by authors. 16 rejected for design or performance. Inc. Sony s Conference in Feb 2009. 14 scheme picked to go through to round 2. Dropped schemes include Ron Rivest s, Lockheed Martin

The SHA-3 Competition Winner announced on October 2, 2012 as Keccak, (Daemen et al. the AES guy) This is too soon for it to be in standard APIs Expect this to be the standard soon.

Merkle Damgård (MD) Hashes The MD family of hashes is also popular. MD4 & MD5 used, but weak. Only useful when we only care about preimage attacks or Integrity. MD6: Ron Rivest s candidate for SHA3. Seems good & fast.

Broken Hash to MAC If we had a Hash we could try to make a MAC by: MAC Key (M) = H(Key,M) But this might allow a length extension attack.

Broken Hash to MAC 0000000000000 Key Pay Bob 10 0000 0000 0000 MAC Key (Pay Bob 10) Only Alice and the Bank know Key Alice sends Pay Bob 10,MAC Key (Pay Bob 10) to Bank

Broken Hash to MAC Key Pay Bob 10 Pay Elvis 10 0000000000000 0000 0000 0000 MAC Key (Pay Bob 10) MAC Key (Pay Bob 10, Pay Elvis 10) Only Alice and the Bank know Key Alice sends Pay Bob 10,MAC Key (Pay Bob 10) to Bank Attacker Elvis can add to the message without the key

HMAC To stop this (and other attacks) we use HMACs: Given a hash function H we define: HMAC K (M) = H( (K xor opad), H( (K xor ipad), M) ) opad= 0x5c5c.5c ipad= 0x3636..36

Password Protection People reuse passwords and sys admins, can be attackers. To protect passwords, only the hash is stored. When a user enters a password the system hashes this, and compares it to the true value. If an attacker gets the password file, they don t get the passwords.

Password Cracking But: if an attacker gets the password shadow file they can try to guess a password and check if the hash of their guess is in the list. Truly random passwords are safe. Dictionary words are not.

Linux\Unix password file Password hashes use to be in /etc/passwd and public readable! Now /etc/passwd user info /etc/shadow password hashes shadow can only be read with root level access.

Windows Password Hashes Windows stores its password hashes in: system32/config/sam This file requires Admin level to read. It is locked and encrypted with a key, based on other key values. This adds no real security

John The Ripper State of the art, free, password cracker. http://www.openwall.com/john/ See demo. More shadow./john shadow

HashCat Claims to be the fastest password cracker Very good parallelisation and some good guessing tactics. Free but closed source. http://hashcat.net

Better Security: Salt Add some random public data to the hash. Result: pre-computed tables don t help. Stops rainbow tables, does nothing to stop brute force attacks.

Slowing down the hashing. Instead of applying the hash function just once you can apply it 1000 times. This slows down brute force attacks 1000 times. Very small delay to log on, makes cost much higher for attacker.

Conclusion Computer Security people had a clever idea to protect passwords. They then had a even cleverer idea to crack passwords. Results: Passwords are a weak point. If you have physical access to a computer you can probably crack the password.

Conclusion Use the strongest possible hash for passwords Enforce strong passwords. Salt the password list Use access control to protect the password list from remote attackers.

Today s Lecture Hash functions: Generates a unique short code from a large file Uses of hashes MD5, SHA1, SHA2 Message Authentication Codes Password protection Password cracking.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback