wan-leung-wong
Exploring Hash Security Through the Pan-Democratic Primary Election
Hash Function
● Can be applied to a block of data of any size
● Produces a fixed-length output
● Relatively easy to compute for any given value, making both hardware and software implementations practical
Hash Function
● For any given hash code h, it is computationally infeasible to find x such that H(x) = h. This is called the one-way property.
Hash Function
● For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). This is referred to as weak collision resistance.
Hash Function
● It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is referred to as strong collision resistance.
Usage
● Password Protection
● As a fingerprint of a message, data or file (Checksum)
● Data Normalization (ID Generation)
Common Cracking
● Pattern Finding
● Birthday Attack
● Dictionary Attack
Solution
● Publish the method and open the source for all people to review.
● Increase the length of the hash code.
● Add salt
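An added example (not part of the original slides) of what "add salt" changes: unsalted digests of equal inputs are equal and match a table computed in advance, while per-record salted digests do neither. The sample identifiers are constructed, and PBKDF2 with the iteration count shown is an assumption of this example, not something the slides specify.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

ITERATIONS = 100_000  # assumed work factor, chosen for this example

def unsalted_digest(identifier: str) -> str:
    """Plain SHA-256: equal inputs always give equal digests."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

def salted_record(identifier: str, salt: bytes = b"") -> Tuple[bytes, str]:
    """Hash with a per-record salt; a fresh 16-byte salt is drawn if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", identifier.encode("utf-8"), salt, ITERATIONS)
    return salt, digest.hex()

def verify(identifier: str, salt: bytes, expected_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(identifier, salt)
    return hmac.compare_digest(candidate, expected_hex)

def table_hits(table: Dict[str, str], stored: List[str]) -> int:
    """Count stored digests that a precomputed digest -> input table resolves."""
    return sum(1 for digest in stored if digest in table)

def demo() -> Tuple[int, int, bool]:
    # Constructed sample identifiers (not real ID numbers); one value repeats.
    submitted = ["A1234567", "B7654321", "A1234567"]
    # Digests computed ahead of time over a guessable input space.
    table = {unsalted_digest(g): g for g in ["A1234567", "B7654321", "C0000000"]}

    unsalted = [unsalted_digest(s) for s in submitted]
    salted = [salted_record(s) for s in submitted]

    # Pattern finding: the repeat shows in unsalted digests, not in salted ones.
    repeat_hidden = unsalted[0] == unsalted[2] and salted[0][1] != salted[2][1]
    return (table_hits(table, unsalted),
            table_hits(table, [h for _, h in salted]),
            repeat_hidden)

if __name__ == "__main__":
    print(demo())  # (unsalted table hits, salted table hits, repeat hidden by salt)
```

The salt is stored next to each digest, so it defeats precomputation and hides repeats but does not enlarge a small input space; the work factor is what raises the cost of each guess.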
Possible Cracking of HKID Hash Code
● Server has been compromised
● Dictionary Attack
● Man-in-the-middle (depends on the design)
● Virus
● Keylogger
● Binary or source code disclosure
Workshop
● openssl
● md5sum
● shasum
● Fun with cracking my 30000 hash codes