Cyber Security

Assignment # 03

Submitted To
Ma’am Rabia Aslam Khan
Submitted By

Hammad Arif (FA-19/BSIT/043)

Faculty of Computer Science

Dept. of Information Technology
LGU Main Campus, Sector C DHA Phase 6, Lahore
Q: Hash Algorithm?
Answer:
Hash algorithms, also known as hash functions, are mathematical functions that take an input (or "message")
and produce a fixed-size output, which is typically a sequence of characters or bits. These algorithms are
designed to efficiently compute the hash value and have the following key properties:
Deterministic: For a given input, a hash algorithm always produces the same output. This property allows
for consistency and reproducibility.
Fixed output size: Hash algorithms generate output of a fixed length, regardless of the size of the input.
Common hash lengths include 128-bit, 160-bit, 256-bit, and 512-bit.
Collision resistance: It should be computationally infeasible to find two different inputs that produce the
same hash value (a collision). A good hash algorithm minimizes the likelihood of collisions.
Irreversibility: Given the hash value, it should be computationally infeasible to determine the original
input. Hash functions are one-way, meaning it is difficult to reverse-engineer the input from the output.
Hash algorithms are widely used in various fields, including cryptography, data integrity verification, data
structures (e.g., hash tables), and password storage. They are utilized to verify data integrity, generate digital
signatures, index and retrieve data quickly, and store passwords securely.

Some popular hash algorithms include:

MD5 (Message Digest Algorithm 5)

SHA-1 (Secure Hash Algorithm 1)
SHA-256 (Secure Hash Algorithm 256-bit)
SHA-3 (Secure Hash Algorithm 3)
Blake2
Keccak
It's worth noting that hash algorithms can have different levels of security and are subject to advances in
computational power.

MD5:
MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that was developed by
Ronald Rivest in 1991. It is designed to take an input of any size and produce a fixed-size 128-bit (16-byte)
hash value. MD5 operates by dividing the input message into blocks of 512 bits and processes them through
a series of rounds, manipulating the data using bitwise logical functions, modular addition, and bit rotations.
The final output is the 128-bit hash value.
Because of these vulnerabilities, MD5 is no longer recommended for cryptographic purposes such as
password storage or digital signatures. It is considered deprecated in many security contexts, and more
secure hash algorithms such as SHA-256 or SHA-3 are typically recommended for cryptographic
applications. MD5 is still used in non-security-related scenarios, such as checksums for file integrity
verification or checksums in network protocols where security is not a concern.
SHA:
SHA stands for Secure Hash Algorithm. It is a family of cryptographic hash functions that are widely used
for various applications, including data integrity verification, digital signatures, password storage, and more.
The SHA algorithms are designed to produce a fixed-size hash value that is typically represented as a
sequence of characters or bits. The SHA algorithms operate similarly by processing the input message in
blocks and performing various bitwise logical operations, modular addition, and bit rotations. The resulting
hash value is unique to the input message, making it useful for verifying data integrity or detecting changes.
When selecting a specific SHA algorithm, it is important to consider the required hash length and the level
of security needed for the particular application. SHA-256 is commonly recommended as a secure choice for
most cryptographic applications.

Compare MD2, MD4 & MD5:

MD2, MD4, and MD5 are all hash functions that were developed by Ronald Rivest. However, they differ in
terms of their security, hash lengths, and vulnerability to attacks. Here's a comparison of these three
algorithms:
MD2 (Message Digest Algorithm 2):
Hash Length: 128 bits (16 bytes).
Security: MD2 is considered to be significantly weaker than both MD4 and MD5. It is vulnerable to various
attacks, including collision attacks and preimage attacks.
Usage: MD2 is an outdated algorithm and is no longer recommended for any security-related applications. It
has been largely replaced by more secure hash functions.

MD4 (Message Digest Algorithm 4):

Hash Length: 128 bits (16 bytes).
Security: MD4 is also considered to be weak and vulnerable to collision attacks. Its security has been
significantly compromised, and it is no longer recommended for cryptographic purposes.
Usage: Similar to MD2, MD4 is outdated and should not be used in security-critical applications. It has been
largely replaced by more secure alternatives.

MD5 (Message Digest Algorithm 5):

Hash Length: 128 bits (16 bytes).
Security: MD5 is considered to be cryptographically broken and insecure. It is vulnerable to collision
attacks, where two different inputs can produce the same MD5 hash. This vulnerability compromises its
integrity and security.
Usage: MD5 is no longer recommended for cryptographic applications, such as password storage or digital
signatures. However, it is still used in non-security-related scenarios, such as checksums for file integrity
verification or checksums in network protocols where security is not a concern.
Compare SHA1, SHA3 & SHA256:
SHA-1 (Secure Hash Algorithm 1), SHA-3, and SHA-256 (Secure Hash Algorithm 256-bit) are different
hash functions that belong to the SHA family. Here's a comparison of these algorithms:

SHA-1:
Hash Length: 160 bits (20 bytes).
Security: SHA-1 is considered to be weak and vulnerable to collision attacks. It is no longer recommended
for security-sensitive applications due to significant vulnerabilities. Successful collision attacks have been
demonstrated, compromising its integrity and security.
Usage: SHA-1 is deprecated for cryptographic purposes. It is generally not recommended for new
applications but may still be used in non-security-critical scenarios, such as checksums for file integrity
verification.

SHA-3:
Hash Length: SHA-3 offers several hash lengths, including 224, 256, 384, and 512 bits.
Security: SHA-3 is designed to be a secure and resistant hash function. It was selected as the winner of a
competition held by NIST for a new hash standard. SHA-3 provides resistance against various cryptographic
attacks, including collision attacks and preimage attacks.
Usage: SHA-3 is recommended for cryptographic applications where a secure hash function is required. It is
suitable for a wide range of applications, including data integrity verification, digital signatures, and
password storage.

SHA-256:
Hash Length: 256 bits (32 bytes).
Security: SHA-256 is considered to be a secure hash function. It provides a higher level of security
compared to SHA-1. While no cryptographic algorithm is entirely immune to attacks, SHA-256 is widely
used and has stood up well against known attacks.
Usage: SHA-256 is commonly used in various cryptographic applications, including block chain technology,
digital certificates, and password storage. It offers a good balance between security and efficiency, making it
suitable for many applications.

Compare AES & OTP:

AES (Advanced Encryption Standard) and OTP (One-Time Pad) are two encryption techniques with distinct
characteristics. Here's a comparison between AES and OTP:

Security:
AES: AES is considered a highly secure encryption algorithm. It has undergone extensive scrutiny and
analysis by the cryptographic community and has stood up well against various attacks. AES is widely
adopted and trusted for its security properties.
OTP: OTP, when used correctly, provides perfect secrecy. It is theoretically unbreakable because the cipher
text reveals no information about the plaintext. However, achieving perfect secrecy with OTP requires the
key to be truly random, never reused, and as long as the message. Maintaining these conditions can be
challenging in practice.

Key Management:
AES: AES uses symmetric key encryption, meaning the same key is used for both encryption and
decryption. The security of AES relies on keeping the encryption key secret. Key management involves
securely distributing and storing the key among authorized parties.
OTP: OTP also uses symmetric key encryption, but with a unique key for each message. The keys in OTP
must be truly random, of equal length to the message, and never reused. The distribution and secure
management of OTP keys present significant challenges, as each key must be securely generated and
exchanged in advance.

Practicality and Efficiency:

AES: AES is widely used due to its practicality and efficiency. It can encrypt and decrypt data in fixed-size
blocks, making it suitable for various applications. AES implementations are efficient and widely available
on modern computing platforms.
OTP: OTP is less practical for many real-world scenarios due to its requirements. Generating truly random
keys, managing key lengths, and securely distributing keys can be complex and resource-intensive.
Additionally, OTP encryption requires the key length to be equal to the message length, which can be
impractical for large messages.

Usage Scenarios:
AES: AES is commonly used in a wide range of applications, including secure communications, data
encryption, file encryption, and cryptographic protocols. It provides a good balance between security and
efficiency.
OTP: OTP has limited practical use due to the challenges in key management and the key length
requirement. It is primarily discussed in theoretical and educational contexts to demonstrate concepts such
as perfect secrecy.