The one's complement is probably the first main hashing algorithm developed. One important concept that arises when we're evaluating hashing algorithms is the collision. A collision happens when two different objects evaluate to the exact same hash code. This is especially harmful when the hash codes are used for error detection or for uniquely identifying an object representation. In any application relying on hashing, a collision means that the system can be fooled into thinking that two different pieces of information are the same.

For instance, passwords are usually stored as some sort of hash. In that context, a collision means that an attacker might gain access not only by guessing the exact password but also by guessing any other byte sequence that evaluates to the same hash code. That way, brute-forcing might need somewhat fewer tries.

In any case, TCP uses a 16-bit checksum. Is this any good? In fact, the main criticism of the checksum is that the packet difference needed to generate the same hash code is quite low. Any multiple of 16 different bits on the packet leads to the same checksum. More robust algorithms need fairly different packets to create a collision.

Of course, there are applications in which we can't accept even the slightest chance of an error going undetected. In this case, we can add more robust error detection to the application-layer messages. We can use the relatively fast and reliable Cyclic Redundancy Check (CRC32) algorithms (used in ZIP files, for instance). Furthermore, to achieve higher protection, we can use even stronger hashing algorithms, like SHA-256 (the same one used by some well-known cryptocurrencies). The more robust the detection, the higher the overhead, latency, and computing power required.

One very good example of CRC protection at the application layer is the HTTP compression algorithm (defined in RFC 7231). If the application uses an application-layer protocol of our own design, it's not difficult to add a plain CRC, CRC-protected data compression, or even a cryptographic hash code. When choosing a hashing algorithm, we must decide how far we need to go to ensure the needed protection. Algorithms once believed to be secure, like MD5, have long been cracked.
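The collision weakness of the 16-bit ones' complement checksum, as an added example (not code from the original article): swapping two 16-bit words in a constructed payload leaves the checksum unchanged, while CRC32 and SHA-256 both notice the change. The payload and the helper names are assumptions made for the illustration.

```python
import hashlib
import zlib


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum of the kind TCP uses (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return ~total & 0xFFFF


def swap_words(data: bytes, a: int, b: int) -> bytes:
    """Exchange the 16-bit words at word indexes a and b."""
    out = bytearray(data)
    word_a, word_b = data[2 * a:2 * a + 2], data[2 * b:2 * b + 2]
    out[2 * a:2 * a + 2], out[2 * b:2 * b + 2] = word_b, word_a
    return bytes(out)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Flip a single bit, the kind of error every check should catch."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def compare(original: bytes, altered: bytes) -> dict:
    """Report which integrity checks notice that the payload changed."""
    return {
        "checksum16": internet_checksum(original) != internet_checksum(altered),
        "crc32": zlib.crc32(original) != zlib.crc32(altered),
        "sha256": hashlib.sha256(original).digest() != hashlib.sha256(altered).digest(),
    }


# Constructed sample payload (an assumption, not from the original page).
PAYLOAD = b"PAY 0100 TO ALICE\n"
# Addition is commutative, so reordering 16-bit words keeps the sum intact.
REORDERED = swap_words(PAYLOAD, 2, 3)   # "0100" becomes "0001"
CORRUPTED = flip_bit(PAYLOAD, 35)       # one flipped bit in transit

if __name__ == "__main__":
    print("reordered:", REORDERED, compare(PAYLOAD, REORDERED))
    print("bit flip: ", CORRUPTED, compare(PAYLOAD, CORRUPTED))
```

The swapped words are adjacent, so the change is a burst no longer than 32 bits, which CRC32 is guaranteed to detect.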