Application of Hash Function and Its Security


1. Applications of hash functions

(1) Checking whether a message or file is intact (integrity checking)

The most widely used hash functions today are SHA-1 and MD5, with outputs of 128 bits or longer. Hash functions are used everywhere in practice: many download sites publish the MD5 value of a file so that the downloader can check that the file arrived complete, and BitTorrent clients verify each downloaded piece by computing its hash before accepting it.

(2) Secure storage of passwords and other sensitive data

Large amounts of sensitive data such as passwords must be stored in databases, but in actual use the only operation performed on them is a comparison. It is therefore enough to store the hash value and compare hash results, rather than storing the secret itself.

(3) A fixed, short digest length

Digital signatures exploit this property to improve efficiency. Asymmetric algorithms are slow, so instead of signing the whole message, the message is hashed first and the signature is applied only to the fixed-length digest.

(4) Generating random numbers and deriving passwords, salt values and other key material

Because a hash function spreads its outputs as uniquely as possible over its range, it can be used to derive key material from a random seed without the derived values revealing the seed itself (preimage resistance).
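Applications (1) and (4) above, as an added example that is not part of the original article: a chunked integrity check of a "downloaded file" against a published digest, and derivation of several sub-keys from one secret seed. SHA-256 is used instead of MD5 (the article itself recommends SHA-2 later on), and the sample payload and seed values are constructed.

```python
import hashlib
import hmac

# Constructed sample: the "downloaded file" and the digest the site publishes.
ORIGINAL = b"example installer payload " * 1000
PUBLISHED_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()


def file_digest(data: bytes, chunk_size: int = 4096) -> str:
    """Hash the file incrementally, as a download checker would for a large file."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk_size):
        h.update(data[i:i + chunk_size])
    return h.hexdigest()


def download_is_intact(data: bytes, published_hex: str) -> bool:
    """Integrity check: compare the computed digest with the published one.
    compare_digest runs in constant time so the comparison leaks no timing info."""
    return hmac.compare_digest(file_digest(data), published_hex)


def derive_subkey(seed: bytes, salt: bytes, label: bytes, length: int = 32) -> bytes:
    """Derive key material from a secret seed (application 4 on the page).
    Each block is HMAC-SHA256(seed, salt || label || counter); because of the
    hash's preimage resistance the output reveals nothing about the seed."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(seed, salt + label + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]
```

Flipping a single bit anywhere in the payload makes download_is_intact return False, while different labels under the same seed yield unrelated keys.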

2. Security issues and development of hash functions

Root cause: hash collisions. When two different inputs produce the same hash value after passing through the hash algorithm, this is called a hash collision.

In a typical hash algorithm the space of hash values is much smaller than the space of inputs, which means that information (entropy) is necessarily lost.

A set with a larger space (the inputs) is mapped by the hash algorithm onto a set with a smaller space (the hash values), so by the pigeonhole principle several inputs must map to the same hash value. This is the so-called hash collision.

Example: birthday attack.

First understand the birthday paradox:

Birthday Paradox: If there are 23 or more people in a room, there is a greater than 50% chance that at least two people will have the same birthday. For more than 60 people, this probability is greater than 99%.

Strictly speaking this is not a paradox; it is called one only because it runs against common intuition.

A birthday attack is a cryptographic attack based on the birthday problem from probability theory.

By the birthday paradox, if the number of bits in the hash value is too small, it is easy to find a pair of inputs with the same hash value. This is one of the most common applications of the birthday attack.

A 64-bit hash function has approximately 1.8 × 10^19 distinct hash values.
If every hash value is equally likely, only about 5.1 × 10^9 (5.1 billion) brute-force attempts are needed to find a hash collision with 50% probability.
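The birthday figures above, as an added example that is not part of the original article: the exact collision probability for the 23- and 60-person cases, the 50%-chance estimate sqrt(2·N·ln 2) for a 64-bit digest, and a birthday search that actually finds two inputs agreeing in the first 32 bits of SHA-256, to show why a truncated digest gives no collision resistance. The counter-style messages are constructed inputs.

```python
import hashlib
import math


def collision_probability(n: int, space: int) -> float:
    """Exact probability that n values drawn uniformly from `space` possible
    values contain at least one repeat (the birthday-paradox calculation)."""
    p_distinct = 1.0
    for i in range(n):
        p_distinct *= (space - i) / space
    return 1.0 - p_distinct


def attempts_for_half_chance(bits: int) -> float:
    """Approximate number of hashes for a 50% collision chance on a `bits`-bit
    digest: sqrt(2 * N * ln 2) with N = 2**bits (about 1.18 * sqrt(N))."""
    return math.sqrt(2 * (2 ** bits) * math.log(2))


def truncated_digest(msg: bytes, bits: int) -> bytes:
    """First `bits` bits (whole bytes) of SHA-256, i.e. a deliberately short hash."""
    return hashlib.sha256(msg).digest()[:bits // 8]


def find_truncated_collision(bits: int, limit: int = 2_000_000):
    """Birthday search: remember every digest seen and stop at the first repeat.
    For 32 bits this needs only ~80k hashes on average. Returns (msg_a, msg_b)
    or None if no collision appears within `limit` attempts."""
    seen = {}
    for i in range(limit):
        msg = b"message-%d" % i  # constructed input sequence
        tag = truncated_digest(msg, bits)
        if tag in seen:
            return seen[tag], msg
        seen[tag] = msg
    return None
```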


Example: Wang Xiaoyun's break of MD5.

The biggest problem with MD5 is that, through the work of Professor Wang Xiaoyun of China and other scholars, MD5 has been shown to be vulnerable to collision attacks. That is, an attacker can produce two files with different content but exactly the same MD5 hash value.

In cloud storage this danger shows up as follows: an attacker can forge a Windows installation disc image, embed a Trojan in it, use the collision technique above to make its MD5 value match that of the image officially released by Microsoft, and upload it to a cloud drive first. If the cloud drive uses MD5 to detect duplicate files (for example in an offline-download service), users who ask for the original image will instead receive the trojanized copy.

This form of attack is not merely theoretical. According to Microsoft's official report, the Flame malware used a similar method, although such an attack remains very advanced.

The development of hash functions:

MD5 and SHA-1 are currently the most widely used hash algorithms.

SHA-1 was designed by NIST and the NSA for use with DSA. It produces a 160-bit hash value for inputs shorter than 2^64 bits, so it is more resistant to brute force than MD5.

The latest recommendation is: when a secure hash algorithm is required, use the SHA-2 family or a stronger algorithm instead of MD5.


3. Problems that may arise when the MD5 algorithm is used to verify software integrity

MD5 is a kind of hash.

A hash transforms an input of arbitrary length into an output of fixed length by means of a hashing algorithm.

This transformation is a compressing mapping: the space of hash values is usually far smaller than the space of inputs, so different inputs may hash to the same output, and the input cannot be uniquely determined from the hash value. Put simply, a hash is a function that compresses a message of arbitrary length into a message digest of some fixed length.

MD5 is a message digest; a message digest is one application of hash algorithms, and message-digest algorithms are hash algorithms with extremely strict collision requirements.

These message-digest algorithms usually distribute their outputs very uniformly and do not easily produce hash collisions. For this reason we can use MD5's compression as an integrity check for software.

However, when MD5 is used to verify integrity, the algorithm is public and anyone can obtain and use it, which means that others can run the same algorithm repeatedly to compute values and compare them against your stored hash value. If MD5 is applied without any additional processing, then when we expose an important interface on the Internet, such as a login interface, an attacker can likewise use the MD5 algorithm to carry out credential-stuffing attacks and match key information against our stored values.

And this is the problem that may arise when the MD5 algorithm is used to verify software integrity.
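The point made above, as an added example that is not part of the original article: because MD5 is public and fast, an unsalted MD5 of a password can be matched against a precomputed table of common passwords; the hardened form beside it adds a random per-user salt and a slow key-derivation function so that no table applies and every guess costs real work. The password list and store are constructed.

```python
import hashlib
import hmac
import os

# Constructed "dictionary" of common passwords an attacker would precompute.
COMMON_PASSWORDS = [b"123456", b"password", b"qwerty", b"letmein"]
PBKDF2_ITERATIONS = 200_000


def weak_store(password: bytes) -> str:
    """The weak scheme: plain, unsalted MD5 of the password."""
    return hashlib.md5(password).hexdigest()


def weak_lookup_table(candidates):
    """Since MD5 is public, the digest of every common password can be computed
    once and reused against every stored value: the table keys are the digests."""
    return {weak_store(p): p for p in candidates}


def recover_from_weak(stored_hex: str, table):
    """A stored unsalted MD5 is recovered by a single dictionary lookup."""
    return table.get(stored_hex)


def hardened_store(password: bytes):
    """Hardened scheme: random per-user salt plus PBKDF2-HMAC-SHA256.
    The salt makes precomputed tables useless; the iteration count makes
    each guess expensive. Returns (salt, digest) to be stored together."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    return salt, digest


def hardened_verify(password: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)
```

Storing the same password twice under the hardened scheme yields two different digests, so an attacker cannot even tell which users share a password.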
