Beruflich Dokumente
Kultur Dokumente
υ
1.1 Lab - Encryption Using Classical Techniques
In this project you will develop a program to encrypt plaintext text given a keyword. The plaintext will
be encrypted by Playfair cipher and the cipher text is displayed for a user.
Playfair Cipher (description taken from William Stallings “Cryptography and Network Security, Principles
and Practice) is the best-known multiple letter encryption cipher, which treats diagrams in the plaintext
as single units and translates these units into cipher text diagrams. (This cipher was actually invented by
British scientist Sir Charles Wheatstone in 1854, but it bears the name of his friend Baron Playfair of St.
Andrews, who championed the cipher at the British foreign office.)
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword. Here
is an example:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the
matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is
encrypted two letters at a time according to the following rules:
1. Repeating plaintext letters that would fall in the same pair are separated with a filler letter, such
as x, so that balloon would be enciphered as ba lx lo on.
2. Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the
right, with the first element of the row circularly following the last. For example ar, is encrypted
as RM.
3. Plaintext letters that fall in the same column are each replaced by the letter beneath, with the
top element of the row circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter is replaced by the letter that lies in its own row and column
occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM).
φ
Solution of Play Fair Cipher
1. Double-click to Open NetBeans
2. Click File > Open Project and browse to Play Fair project under \Desktop\Crypto\Programming-
Sol\1.1-Playfair-(Java)
3. Select NetBeans Project and Click Open Project.
4. Browse playfair > Source Packages > playfair
5. Double-click to look at code in playfair.java
6. Right click PlayfairGUI.java and click Run File. Enter KEYWORD as Keyword and click Generate
Key Table.
χ
1.2 Lab on Frequency Analysis
The cryptanalyst can benefit from some inherent characteristics of the plaintext language to
launch a statistical attack. For example, we know that the letter E is the most frequently used
letter in English text. The cryptanalyst finds the mostly-used character in the ciphertext and
assumes that the corresponding plaintext character is E. After finding a few pairs, the analyst
can find the key and use it to decrypt the message. To prevent this type of attack, the cipher
should hide the characteristics of the language. Table 1 contains frequency of characters in
English.
Cryptogram puzzles are solved for enjoyment and the method used against them is usually some form of
frequency analysis. This is the act of using known statistical information and patterns about the plaintext
to determine it. In cryptograms, each letter of the alphabet is encrypted to another letter. This table of
letter-letter translations is what makes up the key. Because the letters are simply converted and nothing
is scrambled, the cipher is left open to this sort of analysis; all we need is that ciphertext. If the attacker
knows that the language used is English, for example, there are a great many patterns that can be
searched for. Classic frequency analysis involves tallying up each letter in the collected ciphertext and
comparing the percentages against the English language averages. If the letter "M" is most common
then it is reasonable to guess that "E"-->"M" in the cipher because E is the most common letter in the
English language. These sorts of clues can be bounced off each other to derive the key and the original
plaintext. The more collected cipher text the attacker has, the better this will work. As the amount of
information increases, its statistical profile will draw closer and closer to that of English (for example).
This sort of thing can also be applied to groups of characters ("TH" is a very common combination in
English for example). The example frequency analysis image above was performed on the first three
sentences of this paragraph turned into a cryptogram. As you can see, the English language is very
predictable with regard to letter frequency and this can exploited in some situations to break ciphers.
ψ
The goal of this lab is to gain a better understanding of a statistical attack by programming some of the
important components to analyze/manipulate arrays of characters. You will be given an almost fully
working C# .NET application (contained in CPSC4600-Lab1.zip). To get this application fully working, you
will need to implement the empty methods. After these methods are complete, the program can then
be used to complete the remainder of the lab. You do not need to change any of the UI code to get this
working, only methods in the Encryption.cs class.
Getting Started
-Open up Visual Studio 2008. (If you do not have a copy for your own computer, it is available through
the Microsoft Academic Alliance Program as well as Microsoft’s Dreamspark web site)
-Open up the .sln file in StatisticalAnalysis folder with Visual Studio 2008
-The project’s contents will be listed on the right-hand side of the IDE.
-MainForm.cs is the UI code that can be left alone (if you would like to tinker with it, you may want to
work on a copy)
-StatisticalAnalysis.cs contains the methods you will need to implement in order to finish the lab. C# is
very much like Java, if you have any questions about the language MSDN is a great resource
(http://msdn.microsoft.com/en-us/vcsharp/aa336809.aspx)
ω
Fill In The Code…
Read the descriptions and hints carefully and fill in the missing methods in StatisticalAnalysis.cs.
Lab Questions
1. What type of cipher is this program useful for breaking?
2. In this type of cipher, the relationship between characters in the plaintext and characters in the
ciphertext is __________.
3. List the frequencies for the top 4 characters found in the given ciphertext:
MKLAJZHAIUQWKHJABZNXBVHAGKFASDFGALQPIWRYIOQYWIERMASVZMNBZXCKJASDFGLKJFHWQERYI
OQWTYIOASUDYFLASKJDHFZMZVBCXMVQLWERYIQRASDFQIWUERYIHKMFMAKHLSDFYUIOQWYREIORYI
WQEUFHAKDFHLKASHFKVBBBNASMDFSADFWQEUYRUUEYRUUUQKASJHFKJDSHFSNBNBNBNBABABAAA
SKJFHLKJSADHFIDUASFOYDASIYFQWERBQWBRKLJLKASSADFDFDASDA
4. Break the cipher text given in the following. What is the plaintext? What is the key?
ϊ
OTWEWNGWCBPQABIZVQAPMLJGZWTTQVOBQUMAPMIDGZCAB
EQVBMZLZIXMLAXZQVOQVLMMXAVWEIVLLIZSNZWAB
JQZLWNLMTQOPBVIUMLGWCBPAEQNBTGTMNBBPMVMAB
ITIAKWCTLVBBQUMQBEPQTMQBEIAQVUGBZCAB
- StatisticalAnalysis.cs
- A text file or Word document containing yours answers to the Lab Questions
- If you changed any other files in your project, please include them as well
ϋ
2. Select Program.cs and click Run and copy the following to Ciphertext box
OTWEWNGWCBPQABIZVQAPMLJGZWTTQVOBQUMAPMIDGZCAB
EQVBMZLZIXMLAXZQVOQVLMMXAVWEIVLLIZSNZWAB
JQZLWNLMTQOPBVIUMLGWCBPAEQNBTGTMNBBPMVMAB
ITIAKWCTLVBBQUMQBEPQTMQBEIAQVUGBZCAB
ό
3. Click Examine Ciphertext
ύ
5. Observe source code and close the project.
υτ
2.1 Lab on encryption using binary/byte addition
Under this encryption algorithm, the key entered is added character by character (byte by byte) to the
data to be encrypted. Here addition modulo 256 is used, i.e. so that any carry-overs are ignored. The key
is applied cyclically (as under the Vigenère encryption algorithm and also with the Exclusive-OR), i.e.
once all the characters (bytes) of the key have been used, the algorithm reverts to the first character
until the text has been completely encrypted.
To decrypt the text, the characters of the key have to be subtracted from the encrypted text modulo
256.
If one knows the characters which occur most frequently in the plaintext, it is then possible to work out
the key with the aid of a computer (and hence also the plaintext) (see Automatic analysis, Byte
Addition).
The key used for Binary Addition is entered in the Key entry dialog.
This encryption algorithm can be easily broken with a Ciphertext-Only attack (see Automatic analysis,
Byte Addition). An example of this will be found in the Examples chapter.
υυ
We can see from the histogram that the character which occurs most frequently is the letter E. This is
true of many German and English texts. This information will be used later on during our attack.
υφ
5. cipher text only attack will be performed. Choose from menu “Analysis\Symmetric\Ciphertext-
only\Byte Addition”.
We are told that key length is calculated to be 4. The commonest character is E with hexadecimal value
of 45. If we look at the plaintext, the most frequently character is e with hexadecimal value of 65. We
enter into the Expected most common character field in the Byte-by-byte Addition Analysis box 20 (=65-
45).
6. Click “Continue”, CrypTool has been able to find the key. The only information was needed to do this
was the fact that the character which occurred most frequently in the plaintext was the lower case
letter e.
υχ
8. If the text is compressed prior to encryption then we will not be able to draw any conclusions from
the frequency distribution of the characters in the text about the frequency distribution of the
compressed text, since the compression process not only reduces size of a file but alters the frequencies
of the individual characters so that they no longer reflect the frequencies of the characters in the
original text. To compress the document, we make startingexample-en.txt active again. And select
“Indiv. Procedure\Tools\Compress\Zip”, the rate of compression is displayed.
10. Click “Analysis\Tools for Analysis\Histogram” to see its histogram. The compression produces a
quite different histogram profile from the one previously obtained for the uncompressed document.
The characters are much more evenly distributed than in the unencrypted document.
υψ
11. Make the compressed document the active window once again and the encrypt it using the same
key 12 34 AB CD.
υω
CrypTool returns an incorrect key length of 12.
Given this key length, it is not possible to find the correct key either.
14. We will check whether it is possible to arrive at a readable version of the text document from the
compressed and then encrypted document. We will provide the key and then unzip.
We will make the compressed and encrypted document the active window again. Choose from menu
“Encrypt/Decrypt\Symmetric\Byte Addition”.
υϊ
16. Choose from menu “Indiv. Procedure\Tools\Compress\UnZip”, and the original text is displayed.
υϋ
2.2 Encryption using binary Exclusive-OR (XOR)
1. Open file CrypTool.bmp from “C:\Program Files (x86)\CrypTool\examples”.
2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \
Histogram”.
You can see from the histogram that the character which occurs most frequently has the value 255. In
hexadecimal notation this corresponds to FF. This information will be used later on during our attack.
υό
4. Enter 12 34 56 78 as the key.
5. Click “Encrypt”
υύ
The autocorrelation is calculated and displayed. We are told that the key length is calculated to be 4. As
we have seen in step 2, the most commonest character is FF. This we enter in the Expected most
common character field.
7. Click “Continue”.
8. Click “Decrypt”.
φτ
9. If we compress the document before encryption. By clicking “Indiv. Procedure\Tools\Compress\Zip”.
10. Select “Analysis\Tools for Analysis \ Histogram”, which produces a quite different histogram from
the one previously obtained for the uncompressed picture in bitmap format.
11. Encrypt the compressed document by selecting “Encrypt\Decrypt/Symmetric/XOR” from menu and
use 12 34 56 78 as the key.
φυ
2.3 Triple DES with CBC mode and Weak DES keys
1. Open file “CrypTool-en.txt” from “C:\Program Files (x86)\CrypTool\examples”.
2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \
Histogram”.
φφ
6. Look at histogram of the encrypted document, which bears no resemblance to the histogram of the
unencrypted document.
7. The autocorrelation exhibits no regularity which may provide a clue as to the key length.
φχ
8. The decryption of the document functions like encryption except that the Decrypt button is clicked.
9. We want to determine the key from the encrypted document using a brute-force attack.
φψ
11. The first one returns readable results. Click “Accept selection”. The original plaintext shows up.
φω
2. Click “Encrypt” button.
3. Repeat step 1 using the same key. Plaintext shows up on the right.
φϊ
2.4 Lab on Testing Different Modes in Symmetric Ciphers
Symmetric key cryptography provides several modes of operation, including Electronic Codebook (ECB),
Cipher-Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR),
as shown in Figure 1. Modes of operation have been devised to encipher text of any size employing
either DES or AES. Two important properties of these encryption modes that this lab will explore are
pattern preservation and error propagation. Pattern preservation means that a block of plaintext is
encrypted into a block of cipher text the same way every time; e.g. if Eve finds out that cipher text
blocks 1, 5, and 10 are the same, she knows that plaintext blocks 1, 5, and 10 are the same. Error
propagation means that a single bit error in transmission of a cipher text block creates errors in not only
the decryption of the affected block, but propagates to the following blocks of the message.
Lab Tasks
Create an application to encrypt and decrypt messages using DES or AES ciphers using a programming
language/cryptographic package of your own choice. Java has a mature offering in the form of its Java
Cryptography Extension, which is integrated with the Java 2 SE SDK. An article on using AES with Java
can be found here:
φϋ
Task 1 Implement DES and AES ciphers.
Create an application in the language of your choice that implements encryption of a plaintext series of
bytes, and decryption of the created cipher text.
opmode: CFB
input : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 00 01 02 03 04 05 06 07
cipher: 61 a1 f8 86 ff 9b c7 09 4f c0 bc 1b 17 3a d7 bb c7 d7 1a 36 61 45 dd a8
plain : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0e 34 8b 0c bf fb 7f 9c de
Prepare a written report of your examination of the two discussed properties of the different
cryptographic modes of operation. Include a completed version of the table below in your report (fill in
each block with a yes, no, or other comment). Include the source code of your application with your
report.
Pattern
preservation
Error propagation
Hint:
To test pattern preservation property, you can include repeated blocks in your plaintext and observe the
results of cipher text.
To test error propagation property, you can encrypt plaintext first and then modify one bit in ciphertext
and check the decryption results.
φό
Solution of Different Modes in Symmetric Ciphers
1. Open Microsoft Visual C# 2010 Express if it is not opened
2. Click File > Open Project and Browse to \Desktop\Crypto\Programming-Sol\2.4-Symmetric-
Modes-(C#)\VS-Project
3. Select Crypt10-a3 and Open Project
4. Click Run when program.cs is selected
φύ
6. Save the output with name of DES-ECB-PP
7. click Save and Browse to the location of DES-ECB-PP and use Word Pad to Open it
χτ
8. the Pattern Propagation showed above
9. return to AES/DES Encryption Tool Window
10. select DES, ECB and click EP Test
11. Output file with name of DES-ECB-EP
12. Browse to file of DES-ECB-EP and use Word Pad to open it
13. The Error propagates one or a few blocks.
χυ
3.1 Lab on RSA Encryption and Factorization Attacks
Encryption or decryption of messages using the RSA key pair.
2. Enter the RSA key p=47, q=79, e=37. The parameters N = p*q=3713 and phi(N)=3588 and d=97 are
calculated.
χφ
3. Click Alphabet and number system options
4. Choose specify alphabet under Alphabet Options and number system under Method for coding of
text into number. Enter 2 in Block length in characters.
χχ
5. To confirm your entries, click on OK. You can now enter the input the text, “WORKSHOP AT
CHATTANOOGA”, in the input line and click on the Encrypt button.
χψ
6. To decrypt, copy text in Encryption into ciphertext 1999 # 3408 # 2545 # 2798 # 0001 # 3284 # 3613 #
1404 # 2932 # 0208 # 1095 # 3306 to input text area. And click Decrypt button.
χω
Encryption of the message with block length 1 v.s. encryption of the message with block length 2.
1. Create the RSA key p=251, q=269, e=65537. The value of N is , the value of phi(N) is
, the value of private key d is .
χϊ
2. Click Alphabet and number system options
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block
into numbers and 1 in Block length in characters.
χϋ
3. To confirm your entries, click on OK. You can now enter the input the text, “RUBY FALLS!”, in the
input line and click on the Encrypt button.
χό
The encrypted version of this is the number sequence is
The number “#” serves here to visually split up the individual numbers. If you insert these numbers into
the input line and then choose Decrypt, the original plaintext will be restored.
χύ
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block
into numbers and 2 in Block length in characters.
ψτ
6. You will receive a cipher text that is only half as long:
ψυ
Attack on RSA encryption with short RSA modulus
The analysis is performed in two stages: first of all the prime factorization of the RSA modulus is
calculated using factorization, and then in the second stage the secret key for encryption of the message
is determined. After this, the cipher text can be decrypted with the cracked secret key.
To break down the natural number, select menu sequence Indiv. Procedure/RSA Cryptosystem /
Factorization of a Number.
ψφ
It is interesting to see which procedure broke down the RSA modulus the fastest.
2. Calculate the secret key d from the prime factorization of n and the public key e:
With the knowledge of the prime factors p = 145295143558111 and q = 440334654777631 and the
public key e = 17579, we are in a position to decrypt the ciphertext.
3. Open the next dialog box via menu selection Indiv. Procedure/RSA Cryptosystem/RSA
Demonstration:.
5. Click on Alphabet and number system options and make the following settings:
ψχ
Alphabet options: Specify alphabet
Block length: 14
6. Enter the following cipher text in the input text field. And click Decrypt button.
45411667895024938209259253423,
16597091621432020076311552201,
46468979279750354732637631044,
32870167545903741339819671379
ψψ
Check your results: “NATURAL NUMBERS ARE MADE BY GOD”
ψω
Side Channel Attack to RSA:
1. Select from menu: “Analysis” \“Asymmetric Encryption” \“Side-Channel Attack on Textbook RSA”
ψϊ
3. Click “Perform preparation” and click “OK”
ψϋ
5. Click “Generate session key” and “Session Key”. The generated session key is “9E B7 61 D9 E4 F9
34 AA 91 F7 C4 CB 56 7D 98 88”.
ψό
8. Click “Encrypt document symmetry.”, “Encrypt session key asymmetry.” and “Save”.
ψύ
9. Click “Transmit message” and “Decrypt message”.
ωτ
12. Click “All steps at once” button.
ωυ
The session key is 9EB761D9E4F934AA91F7C4CB567D9888 which matches the one generated in Step 5.
ωφ
3.2 Lab on Short Message RSA Attacks and Padding
In short message attack of RSA, if it is known that Alice is sending a four-digit number to Bob, Eve can
easily try plaintext numbers from 0000 to 9999 to find the plaintext. Therefore, short message must be
padded with random bits. If you are Eve, show that you are able to find the plaintext containing four
digit numbers given ciphertext.
Optimal asymmetric encryption padding (OAEP) is recommended when short messages are encrypted
with RSA algorithms. The following is the encryption and decryption processes of OAEP.
Encryption
Pad the message to make m-bit message M, if M is less than m-bit
Choose a random number r
User one-way function G that inputs r-bit integer and outputs m-bit integer. This is the
mask.
P1 = M ⊕ G®
P2 = H(P1) ⊕ r, function H inputs m-bit and outputs k-bit
C = E(P1 || P2). User RSA encryption here
Decryption
P = D (P1 || P2)
Bob first recreates the value of r:
H(P1) ⊕ P2 = H(P1) ⊕ H(P1) ⊕ r = r
Pad your message with OAEP padding and then encrypt by RSA.
What to submit:
A report describes how you find the unpadded short plaintext (50 points), describes what you have
observed after you apply OAEP padding (20 points), and discusses feasibility of short message attack
after padding (30 points).
ωχ
3.3 Lab on RSA Timing Attacks
RSA Timing Attacks
Brief Description
A timing attack is an attack which cleverly uses the fourth dimension, time. If an algorithm is not
specifically designed to thwart this attack, then an attacker can observe the required amount of time for
a calculation to be done and monitor the differences in calculation times. For example, the calculation of
converting a “0” in plain text to cipher text versus converting a “1” in plain text to cipher text may
require less time. This measured amount of time can be used to rebuild the key or figure out the plain
text.
Lab Overview
RSA Encryption is complicated and also has protections against timing attacks, so we will be using a
more simple example for this lab. We have performed two operations many, many times, specifically
the add and multiply operation. The add is performed much faster than the multiply especially when
scaled across many iterations. We will use this as our test case; a shorter operation will represent the
processing of a zero and the long operation would represent the processing of a one. So given a stream
of output times from a program which monitors these operations, you should be able to reconstruct a
string ones and zeroes.
Different machines will require a different amount of time to process. So our implementation will take
this into account by not using specific time values when processing the times from our “gathered” data.
It may be a good approach to calculate an average time, and then compare each time value against this
value to determine if it is a “1” or a “0”. After we have created a string of ones and zeroes, we will
process these to generate our ASCII output (Google “ascii table”, if you are confused)
To Complete...
Using Visual Studio, open the provided “TimingAttackLab.sln”. This project was used to create the file
“time_data”, which should be located in “....\TimingAttackLab\bin\Debug\”. Have a look at the
“time_data” file; it is simply the number of ticks used to calculate a 1 or a 0. We assume a 1 takes more
time to calculate than a 0.
The project only has a few functions that are left to be implemented in order for you to decrypt the
super-secret message.
-Your implementation of the functions “public static String BinStr2ASCII(String BinStr)” and
ωψ
And answers to the following questions:
1) What are some possible ways an algorithm could be designed to thwart timing attacks?
2) What assumptions must be true for an attacker to be able to perform a timing attack?
3) As a machine increases in processing power, is the difference in processing time between inputs (for
example a one and a zero) likely to be greater or smaller?
ωω
4.1 Lab on hash generation and sensitivity of hash functions to plaintext
modifications
Keyed-Hash Message Authentication Code (HMAC) ensures integrity of a message and authentication of
the message. It requires a common key for sender and recipient.
4. Enter your key “chattanooga”. The HMAC code generated from the message and the key is
66 C2 2E BA 41 36 6D EB EA FB 8E B1 7D B1 3B 42 5A 15 98 E1
ωϊ
5. Select from menu “Indiv. Procedures” \“Hash” \“Hash Demonstration”.
ωϋ
6. Select a hash function from Selection of hash function.
7. add a space after CrypTool in plaintext. We will see 49.22% bits differ (63 of 128). A good hash
function should react highly sensitively to even the smallest change in the plaintext –“Avalanche effect”
(small change, big impact).
ωό
ωύ
4.2 Lab on Hash Function
Either SHA-1, HMAC, or MD5 can be selected to finish the following problems.
Use an example to show that Hash function can help to protect integrity of your message. You can
encrypt your plaintext message, tamper the cipher text and use hash function to check whether the
decrypted messaged is changed.
Use an example to show that if you tamper both ciphertext and hashcode properly, you can escape from
the integrity check of hash function.
ϊτ
5.1 Lab on Digital Signature Visualization
1. Select from menu of CrypTool “Digital Signatures/PKI” \ “Signature Demonstration (Signature
Generation)”
2. Click on “Select hash function”. Choose MD5 (or others) and click OK.
3. Click “Generate Key” and “Generate prime numbers” in step by step Signature Generation dialog.
ϊυ
4. Enter 2^150 as the lower limit and 2^151 as upper limit. And click Generate prime numbers and
apply primes.
ϊφ
6. Click Provide certificate button. Enter
Name: Smith
PIN: cryptool
ϊχ
8. click “Compute hash value”.
ϊψ
10. Click “Generate signature”.
ϊω
12 click “OK”, you will see RSA (md5)signature of <startingexample-en.txt>.
ϊϊ
5.2 Lab on RSA Signature
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
PIN: cryptool
ϊϋ
4. The following window shows up and click OK:
ϊό
6. The certificate is displayed by clicking on the Show certificate pushbutton.
7. Close both dialogs on Certificate Data and Available Asymmetric Key Pairs.
8. To sign the document of CrypTool-en.txt, select Digital Signatures/PKI\Sign Message. Enter the
following
ϊύ
Choose hash function: RIPEMD-160
ϋτ
9. Click OK button. The dialog box closes and the signed document is displayed.
10. The signature is at the start of the document and the document to be signed is at the end, as can be
verified easily by comparing with the original document. A clearer presentation, with the separation of
the signature and the document, can be obtained by selecting Digital Signature/PKI\Extract Signature.
ϋυ
11. Select Digital Signature/PKI\Verify Signature to check that the document has not been altered.
ϋφ
12. Select John Smith from the list of signatures and click on the Verify signature button. The following
dialog appears.
14. Select Digital Signature/PKI\Verify Signature, the following dialog box appears:
ϋχ
5.3 Lab on Attack on Digital Signature/Hash Collision
Find two messages with the same hash value.
1. Select “Analysis” \“Hash” \“Attack on the Hash Value of the Digital Signature” from the menu.
2. Click “Options”.
ϋψ
3. Choose MD5 under Hash function and 40 for Significant bit length, and click Apply.
4. Click “Start Search” in dialog of Attack on the Hash Value of the Digital Signature.
6. After modifying the two messages, the hash value of them are the same. The message will not appear
to change, since only unprintable characters will be used to modify them.
ϋω
A 72-bit partial collision (i.e., the first 72 hash value bits are identical) was found in a couple of days
using a single PC. Today signatures with hash values of 128 bits or less are vulnerable to a massive
parallel search. It is therefore recommended to use hash values with a length of at least 160 bits.
ϋϊ
5.4 Lab on Digital Signature
Problems One:
Generate keys and a digital signature for data using the private key and to export the public key and the
signature to files. Verify a digital signature by importing a public key and a signature that is alleged to be
the signature of a specified data file and to verify the authenticity of the signature.
ϋϋ