0

I am learning Cryptography and using OPENSSL to implement whatever I am learning. Recently, I found one of the assignment questions and am trying to solve it. I don't have problem understanding most of the questions but this one.

4 Task 2: One-Way Property versus Collision-Free Property In this task, we will investigate the difference between two properties of common hash functions: one-way property versus collision-free property. We will use the brute-force method to see how long it takes to break each of these properties. Instead of using openssl’s command-line tools, you are required to write your own C program to invoke the message digest functions in openssl’s crypto library. Docs can be found at http://www.openssl.org/docs/crypto/EVP_DigestInit.html. Laboratory for Computer Security Education, CMSC 414, Spring 2013 2 Since most of the hash functions are quite strong against the brute-force attack on those two properties, it will take us years to break them using the brute-force method. To make the task feasible, in all of this project we reduce the length of the hash value to 24 bits. We can use any one-way hash function, but we only use the first 24 bits of the hash value. Write a program that, given a 24-bit hash value, finds a matching text (only lower-case ASCII charac- ters). Your program will have to repeatedly 1) generate a random text, 2) hash it, 3) compare lower 24 bits to the input. Your program (source must be called task2.c) will be called as follows:

          ./task2 <digest name> <hash value>

e.g, ./task2 sha256 2612c7. . . and your program must write the winning text to task2.out. Please ensure the output is readable and writable, i.e.:

       open("task2.out", O`enter code here` WRONLY | O CREAT, 0644);

We will verify with command line tools, e.g., openssl dgst -sha256 task2.out. Question: How many texts did you have to hash to find a specific hash? (give average of three trials)

I am not able to understand how to start writing my program. Any inputs are greatly appreciated. As I am not solving it for a home work. I am looking for some pointers and not the code.

Kate Gregory
  • 18,808
  • 8
  • 56
  • 85
Alfonso Ward
  • 1
  • 1
  • 1

2 Answers2

1

Well, reading the text to me its clear what is the task, and unclear which part you do not get. Where to start?

  • create a skeleton program like hello word
  • create a function that generates a random text
  • create a function that takes text and a hash-id, and uses openssl to hash it, returning the hash
  • create a function that extract the lower 24 bits of the hash
  • create function that takes the command line params and convert them to a 24-bit number that is the looked-for hash and the hash-id to drop at openssl (or exits with error indication)
  • run a loop that keeps feeding new random strings until the resulting hash matches the req and counts
  • write the winning text to file and the number to output
  • do all the remaining tasks from assignment...
Balog Pal
  • 16,195
  • 2
  • 23
  • 37
1

The algorithm is well laid out by Balog Pal. Just to add a few things: In one-way property, you are given a hash and you search for another text with the similar hash. In collision-free property, you just need to find two texts with similar hashes. So you start by generating two texts and compare their corresponding hashes. If they are the same, you have found a collision. If not, you store the already generated hashes and then generate a new text, find its hash and Compare it with the stored hashes. if any stored hash matches with it, you have found a collision, else store it in the list of stored hashes. Repeat the cycle until you find a collision.

The python implementation of the same can be found at the below link. It includes minimum comments, so you have to figure out everything from the code. Once that is done, then try implementing it in C or java.

https://github.com/arafat1/One-Way-Property-versus-Collision-Free-Property/blob/master/HashProperty.py

Invin
  • 802
  • 8
  • 10