12. (1 point) Let's say we use the following as the MAC function: $MAC_k(m) = h(k||m)$ Devise an attack against it (assuming we are using SHA2 as the hash function).
Added by Oluwaseun V.
Close
Step 1
This is vulnerable to a length extension attack because SHA2 is a Merkle-Damgård construction. Show more…
Show all steps
Your feedback will help us improve your experience
Adi S and 58 other AP CS educators are ready to help you.
Ask a new question
Labs
Want to see this concept in action?
Explore this concept interactively to see how it behaves as you change inputs.
Key Concepts
Recommended Videos
Let H be a Merkle-Damgard hash function and suppose that a keyed HMAC function is defined by H(k || m). Why is this insecure? Provide the mathematical details.
Adi S.
Akash M.
5.7 If we define a hash function (or compression function) h that will hash an n-bit binary string to an m-bit binary string, we can view h as a function from Z2n to Z2m. It is tempting to define h using integer operations modulo 2m. We show in this exercise that some simple constructions of this type are insecure and should therefore be avoided. (a) Suppose that n = m > 1 and h : Z2m -> Z2m is defined as h(x) = x^2 + ax + b mod 2m. Prove that it is (usually) easy to solve Second Preimage for any x in Z2m without having to solve a quadratic equation. HINT Show that it is possible to find a linear function g(x) such that h(g(x)) = h(x) for all x. This solves Second Preimage for any x such that g(x) != x.
Madhur L.
Recommended Textbooks
Computer Science and Information Technology
Introduction to Programming Using Python
Computer Science - An Overview
Transcript
18,000,000+
Students on Numerade
Trusted by students at 8,000+ universities
Watch the video solution with this free unlock.
EMAIL
PASSWORD