## Probability of colisson for classes of hash functions

I am going through some old exams in one of my courses, and I don’t have acces to solutions, and found a exercise I am not sure how to tackle. I am not looking for the answer but some help/guidance if possible.

Consider a class of hash funtions , $$\mathcal{H}$$, over a finite universe $${U}$$ into {0, … , n-1}. Where $$|U|$$, n > 1.

Show that for any family of hash functions: $$Pr[h(u_1) = h(u_2)] \geq \frac{1}{n} – \frac{1}{|U|}$$ Here, the probability is over the choice of the hash function h drawn uniformly at random from the family H.

Posted on Categories proxies

## Finding original command result from MD5 hash

Basically I hashed the result of the “date” command with md5sum:

$date | md5sum  The output is indeed in the likes of: e4c94362cd4fd71ec6aca78c7411bdc3 -  My question was: is it possible to recover the result of the date command knowing the date pattern (except for maybe the minutes and seconds)? I tried using john’s mask option as well as a custom wordlist, without result. Do you guys have any idea how we could pull that off? ## Efficiently extendable hash function? I’m wondering whether there exists some good known hash functions with the following property: Assume that $$x$$ is some string over some alphabet $$A$$, then given $$H(x)$$ we can compute in $$O(1)$$ time both $$H(ax)$$ and $$H(xa)$$ for any letter $$a\in A$$. In practice one can assume that $$A$$ is e.g. the set of $$8$$-bit integers. In other words, a hash function for strings that can quickly be extended in both directions. I’m of course, only interested in hash functions that actually distribute the data well and which are very fast to compute in practice. Posted on Categories proxies ## How Long Should a Hash be to be Absolutely Secure? Is there some sort of rule to determine how large a hash should be to ensure the security (meaning exactly one message maps to a given hash) of a message? Something that can be applied to any message, such as a 32-bit number or an 8-letter ASCII password. ## Choosing an independent hash function, given hash function value Supposed we have a function $$h:U\to [m_1]$$. Given this hash function, can we generate without using randomization or a universal hash collection another hash $$h’:U \to [m_2]$$, which depends on $$h$$ and the values of $$h'(x)$$ are uniform? i.e., for every value $$y\in [m_2]$$ we have $$\Pr_{x} (h'(x)=y|h)=1/m_2$$ ($$x$$ is chosen at random). I know that if $$U=[2^t]$$, $$m_1=2^{n_1}$$, $$m_2=2^{n_2}$$, $$t>n_1+n_2$$ and $$h(x)$$ is the first $$n_1$$ bits of $$x$$ this problem is easy: we can select $$h'(x)$$ to be the bits $$n_1+1$$ till $$n_2$$ of $$x$$. My question is how to generalized this approche. Posted on Categories proxies ## Computing hash of a compound key Why is the initial value of hash 17 and not 0? /** * Returns an integer hash code for this date. * * @return an integer hash code for this date */ @Override public int hashCode() { int hash = 17; hash = 31*hash + month; hash = 31*hash + day; hash = 31*hash + year; return hash; }  https://algs4.cs.princeton.edu/code/edu/princeton/cs/algs4/Date.java.html ## Where can I find the official hash file for my Apache Netbeans download? So, as prompted by the Apache download site, I have generated a hash for my new NetBeans download. It STRONGLY encourages me to compare my generated hash with their official hash file. To check a hash, you have to compute the proper checksum of the file you just downloaded ; then compare it with the published checksum of the original. Well I generated my own, but it doesn’t appear that they actually have an official published checksum for NetBeans. Should I be worried? Posted on Categories proxies ## Are there any negatives to Hash Analysis methodology? Just been doing some reading regarding Signature File Analysis, I’ve noticed that an attacker when hiding a file can alter the first few bytes of a file which corrupts the file signature, making it more difficult for an analyst to detect. Does this apply to Hash Analysis? If not are there any downsides to this methodology Posted on Categories proxies ## I have heard that we can convert any text to hash code , but hash code can’t be converted back to text without brute force Suppose we consider a text mal hash code of m is$ $. m= 6f8f57715090da2632453988d9a1501b . a= 0cc175b9c0f1b6a831c399e269772661 . l= 2db95e8e1a9267b7a1188556b2013b33 . ma= b74df323e3939b563635a2cba7a7afba . mal= 749dfe7c0cd3b291ec96d0bb8924cb46$ \$ .

So each hashcode has 32 elements letters go from a,b,c,d,e,f Numbers go from 0,1,2,…..9 So what I observed was some when we add a letter some numbers are kept like it is just changing it’s order. So is there some logic in it ?So is there some easier method?

Posted on Categories proxies

## Triple handshake attack – what are the implications of not supporting RFC 7627: “Session Hash and Extended Master Secret Extension”?

The referenced RFC details a mitigation to what appears to be the ability to compromise a TLS connection through an attack known as the ‘triple handshake attack’.

How serious is this vulnerability? How could this vulnerability be exploited and what would the impact be?

The related RFC for this can be found here: https://tools.ietf.org/html/rfc7627

Posted on Categories proxies