Oct 18, 2015
CSCI321 Project Proposal Project Group
SS14/1C
Page 1
Project Topic : DSS-14-S1-12: Hash Kit
Project Members: Sim Aik Chun 4234716 [email protected] Ian Chua Zhi Ying 4442416 [email protected] Ng Yuet Yong 4235320 [email protected] Ong Wei Liang Eugene 4235289 [email protected]
Weng Xian 4443822 [email protected]
CSCI321 Project Proposal Project Group
SS14/1C
Page 2
Table of Contents Introduction .............................................................................................................................. 4
Definitions ................................................................................................................................ 5
Hashing .................................................................................................................................. 5
Cryptographic Hash function .................................................................................................. 5
Project Description .................................................................................................................. 6
Requirements ......................................................................................................................... 6
Functional Requirements .................................................................................................... 6
Non-Functional Requirements ............................................................................................. 6
Justification of the requirements ............................................................................................. 7
Software development methodology ...................................................................................... 8
Rational unified Process (RUP) .............................................................................................. 8
Four phases ........................................................................................................................... 8
Why Rational Unified Process (RUP)?.................................................................................... 8
Currently available Hash kits .................................................................................................. 9
Market Survey ........................................................................................................................ 9
Screenshots ..........................................................................................................................10
Cryptool 2 ..........................................................................................................................10
Hash analyzer ....................................................................................................................11
Hash Collision Probability Calculator ..................................................................................13
Advantages/Disadvantages ...................................................................................................14
Cryptool 2 ..........................................................................................................................14
Hash Analyzer ...................................................................................................................14
Hash Collision Probability Calculator ..................................................................................14
Comparison ...........................................................................................................................15
Technical Details .......................................................................................................................15
Software coding languages ...................................................................................................15
Framework ............................................................................................................................16
Software development applications .......................................................................................16
Database ...............................................................................................................................16
CSCI321 Project Proposal Project Group
SS14/1C
Page 3
Techniques ............................................................................................................................16
Project Summary ......................................................................................................................18
References ..............................................................................................................................19
CSCI321 Project Proposal Project Group
SS14/1C
Page 4
Introduction
Our project is to produce a tool for analysing hash functions, cryptographic and otherwise.
There are various tests that can be applied to test for the occurrence of collisions for example,
and these should be implemented. While some properties are required for cryptographic
functions, some other properties are required for other purposes.
Hash functions with small enough message digests, should be possible to completely analysed,
rather than just statistically analyse them. When you hash the result of a hash you continue to
stay in the message digest space. Continuing this process will eventually result in a cycle in this
hash chain. For hash functions with small message digests is should be possible to construct
complete resolution of the cycle structures of the hash chain and to represent it in an interesting
way.
Our scope of this project is to provide users with an online hash kit application to do analysis of
hash functions. This application is to generate informative properties such as collision rates,
pre-image and second pre-image attack resistance.
CSCI321 Project Proposal Project Group
SS14/1C
Page 5
Definitions
Hashing
A transformation of a string of characters into a usually shorter fixed length value or key that
represents the original string.It is used for index and retrieve items in a database because it is
faster to find the item using a shorter hashed key than to find it using the original value but in
our case, we will using it for our encryption [1].
Cryptographic Hash function
A hash function that takes an arbitrary block of data and return a fixed-size bit string, the
cryptographic hash value (sometimes, it is called message digest) and it should not be easily
decrypted into plain text and also to protect the integrity and confidentiality of the transmitted
message. There are variety of usable functions which can serve the same purposes but there
might be broken functions which may jeopardise the communication of both parties. Below is a
table of hash functions that interest us:
CSCI321 Project Proposal Project Group
SS14/1C
Page 6
Project Description
Requirements
Functional Requirements
GUI Implementation
User can input message digest into the application.
User can upload a text file for processing as well
Compute collision resistance
Compute pre-image resistance
Compute 2nd pre-image resistance
Output collision rate, etc.
Give User option to save output as text file.
Online interactive website.
The website will allow users to sign up, login in and do their relevant testing
Comparison between hash functions
Notifications will be sent to users once the hash functions have produced results
Non-Functional Requirements
User-friendly, consistent GUI
Multi-threading Processing.
Compatibility (E.g. Chrome, IE FireFox Browsers.)(Backward)
Fault Tolerance (Exception Handling/memory leaks)
Good Documentation for users
CSCI321 Project Proposal Project Group
SS14/1C
Page 7
For developers that require security implementation to reference and determine which are the
suitable algorithms available that they can applied to their projects.
Computer-security students would also benefit from clear depiction of the various hash functions
and their properties.
Justification of the requirements
The functional requirements are determined from the perspective of our target audience. Online
hash kit application would have to have a simple and clear interface for the user to derive the
results that he/she wants. Since developers and/or IT-security students could have large
amount of data to be processed for either their projects or personal learning, by including a
feature to upload a text file will be a useful feature for them. We also decided to add informative
notes about IT-security so that students can learn while using our application.
The non-functional requirements are derived to facilitate an enjoyable user experience that isnt
clunky, slow or hard to navigate.
CSCI321 Project Proposal Project Group
SS14/1C
Page 8
Software development methodology
Rational unified Process (RUP)
A comprehensive process framework that provides industry-tested practices for software and
systems delivery and implementation and for effective project management.it promotes iterative
development of software and systems into four phases, each consisting of one or more
excutable iterations of the software at the stage of development.[5]
Four phases
Inception - to scope the system adequately as a basis for validating initial costing and budgets)
Elaboration - to mitigate the key risk items identified by analysis up to the end of this phase)
Construction - to build the software system)
Transition - to transit the system from development to production)
Why Rational Unified Process (RUP)?
After much consideration, Rational Unified Process stands out the most, and is most suitable for
this project. It encourages concurrent workflows across the entire cycle and it mainly focus on
the scope thus the group will not sidetrack instead of using a project backlog after every
iteration. It is also due to time constraint that the concurrent workflow property of RUP could
help us in completing the project punctually.Rational Unified Process is also recommended for
long-term projects with medium-to-high complexity instead of scrum, quick organizations that
are not dependent on deadline.
CSCI321 Project Proposal Project Group
SS14/1C
Page 9
Currently available Hash kits
Market Survey
Here are some hash kits which we found online:
Hash kit Capabilities
(Offline) Cryptool (1/2) [2] - Able to analyze different hashes *(screenshots of the software will be available below) - Informative and user-friendly user interface which allow users to drag and drop function objects to create their own hybrid hash functions/etc
(Online) hash analyzer[3]
- Determine the hash type based on the users input
(Online) Hash collision probability calculator[4]
- Compute (unknown)hash collision probability
CSCI321 Project Proposal Project Group
SS14/1C
Page 10
Screenshots
Cryptool 2
When the software starts up, the cryptool 2 will display a start page which is comprised of
different categories such as the wizard, news, templates and etc
what we are interested in will be the example of how the collision can be detect. Hence, the next
screenshot will be md5 collision detector which has already pre-built in the templates.
CSCI321 Project Proposal Project Group
SS14/1C
Page 11
MD5 Collider function GUI has time, match between both inputs and number of tries.
Hash analyzer
The website gives users to input hash(message digest) and a button to calculate and tabulate
the results.
CSCI321 Project Proposal Project Group
SS14/1C
Page 12
Example: A md5 hash is inserted and Once the button is pressed, it will provide the below
results:
CSCI321 Project Proposal Project Group
SS14/1C
Page 13
Hash Collision Probability Calculator
CSCI321 Project Proposal Project Group
SS14/1C
Page 14
Advantages/Disadvantages
Cryptool 2
Advantages Disadvantages
Comprehensive tool for cryptographic uses It can be complex to navigate or to find a certain object if the user does not read the manual guide
Free for all users. Open-source Project. It is not a lightweight software hence requires more resources to load.
Still in active development. Most current update is (23/01/2014)
It is only available on Windows (not cross platform)
Offline (their online kit does not have any function.)
Hash Analyzer
Advantages Disadvantages
Able to identify the hash type It does not have any hash generator so it requires outside sources of hash.
Quick to compute the hash type It does not have additional information on the the hash type.
It only list the possible hash functions which can be not so accurate.
Hash Collision Probability Calculator
Advantages Disadvantages
Simple user interface Hash function it is calculating for is not clear.
Accuracy unverifiable
CSCI321 Project Proposal Project Group
SS14/1C
Page 15
Not sufficient information
Comparison
Hash kit Cryptool Hash Analyser Hash collision probability calculator
Cross platform x
Online availability
x x x
Compute collision
resistance
x x
Compute pre-image
x x
Compute second pre-
image
x x
Account management
x
Hash function comparison
x
Educational x
Technical Details
Software coding languages
Java, PHP, JAVASCRIPT
CSCI321 Project Proposal Project Group
SS14/1C
Page 16
Framework
CakePHP
Software development applications
Git - revisioning software
Eclipse/NetBeans - IDE environment
Apache - local webserver
Database
MySQL
Techniques
Collision resistance techniques
Birthday paradox - For a set of n randomly chosen people, with a keyspace of 365 days a year.
The probability of same person having the same birthday reaches 100% when n people reaches
366(exceed n value) which means the more people, the higher the probability. This birthday
paradox logic will be used to test hash function collision rate. The larger the dataset is being test
which is the n value, the higher the collision percentage which helps users to determine the
effectiveness of the specific hash function collision resistance.
Weakness - Birthday paradox places an upper bound on collision resistance: if a hash function
produces N bits of output, an attacker who computes "only" 2N/2
( ) hash operations on random input
is likely to find two matching outputs. If there is an easier method than this brute force attack, it is
typically considered a flaw in the hash function
Rainbow table - A huge database filled with unique words to test against a chosen hash function
algorithm. The message digest output of the chosen hash function will be store in a database. A
collision occur when different dataset produce the same message digest. The collision
resistance percentage will be (number of collision)/(number of dataset tested). To produce a
accurate collision resistance graph of a list of hash functions, the same database must be used.
Strength - Easy to implement and understand. Given enough time, it is able to produce very
accurate collision resistance rate.
Weakness - A very huge database is needed to provided an accurate collision resistance rate.
CSCI321 Project Proposal Project Group
SS14/1C
Page 17
CSCI321 Project Proposal Project Group
SS14/1C
Page 18
Project Summary
This online application would be a different kind of product on among the available crypto/hash
tool kits. From its online availability, which ensures compatibility across platforms, our hash kit
would have the best combination of the current market tools that encourages students and/or
developers in other industries to be able to understand the technical aspects of IT security.
CSCI321 Project Proposal Project Group
SS14/1C
Page 19
References
1. Margaret Rouse. (2005). What is hashing?. Available:
http://searchsqlserver.techtarget.com/definition/hashing. Last accessed 27th January 2014
2. Cryptool portal - cryptography and cryptanalysis. Available:
https://www.cryptool.org/en/. Last accessed 29th January 2014
3. Hash Analyzer. Available:
http://tools.question-defense.com/hash-analyzer. Last accessed: January 29, 2014
4. What's the probability of a hash collision? David Johnstone. Available:
http://davidjohnstone.net/pages/hash-collision-probability. Last accessed: January 29, 2014
5. IBM Rational Unified Process (RUP). Available:
http://www-01.ibm.com/software/rational/rup/. Last accessed: January 29,2014
6.Pass, R."Lecture 21: Collision-Resistant Hash Functions and General Digital Signature Scheme". Course on
Cryptography, Cornell University, 2009. Available: https://www.cs.cornell.edu/courses/cs6830/2009fa/scribes/lecture21.pdf Last accessed: January 29,2014
7.W. W. Rouse Ball (1960) Other Questions on Probability, in Mathematical Recreations and Essays, Macmillan, New
York, pp 45. Last accessed: January 29,2014