Exploring Hash Security through the Pan-Democratic Primary


Hash Function

● Can be applied to a block of data of any size
● Produces a fixed-length output
● Relatively easy to compute for any given value, making both hardware and software implementations practical


Hash Function

● For any given hash code h, it is computationally infeasible to find x such that H(x) = h. This is called the one-way property.


Hash Function

● For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). This is referred to as weak collision resistance.


Hash Function

● It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is referred to as strong collision resistance.


Usage

● Password protection
● As a fingerprint of a message, data or file (checksum)
● Data normalization (ID generation)


Common Cracking

● Pattern finding
● Birthday attack
● Dictionary attack


Solution

● Publish the method and open the source for all people to review.
● Increase the length of the hash code.
● Add salt.
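The "add salt" item above, worked through as an added example (not part of the original slides): it compares a plain digest, a per-record salted digest, and a keyed digest for a short identifier. The sample identifiers are constructed, the iteration count and key handling are assumptions, and the keyed (HMAC) variant goes beyond the slide to cover the ID-generation use case, where equal inputs must still map to equal outputs.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune to your hardware

# Constructed sample identifiers, not real ID numbers.
SAMPLE_IDS = ["A1234567", "B7654321", "A1234567"]


def unsalted_digest(identifier):
    """Plain SHA-256: equal inputs always produce equal digests."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def salted_record(identifier, salt=None):
    """Random per-record salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", identifier.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_salted(identifier, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(identifier, salt)
    return hmac.compare_digest(digest, expected)


def keyed_digest(identifier, key):
    """HMAC-SHA256 under a server-held secret key.

    Deterministic, so it still works for duplicate detection, but the
    digest cannot be recomputed by anyone who lacks the key.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    print("unsalted repeats:", unsalted_digest(SAMPLE_IDS[0]) == unsalted_digest(SAMPLE_IDS[2]))
    salt_a, rec_a = salted_record(SAMPLE_IDS[0])
    salt_b, rec_b = salted_record(SAMPLE_IDS[2])
    print("salted repeats:", rec_a == rec_b)
    print("salted verifies:", verify_salted(SAMPLE_IDS[0], salt_a, rec_a))
    key = os.urandom(32)  # assumption: kept outside the database
    print("keyed repeats:", keyed_digest(SAMPLE_IDS[0], key) == keyed_digest(SAMPLE_IDS[2], key))
```

The keyed digest protects stored values only while the key stays secret, so a compromised server or disclosed source and configuration removes that protection.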


Possible Cracking of HKID Hash Code

● Server compromised
● Dictionary attack
● Man-in-the-middle (depends on the design)
● Virus
● Key logger
● Binary or source code disclosure


Workshop

● openssl
● md5sum
● shasum
● Fun on cracking my 30000 hash codes
