INVITATION TO CYBERSECURITY 172 are 256 bits, and they differ by 124 bits—a difference of almost 50% of the bits.4 A one bit difference in inputs produced nearly a 50% difference in outputs! On average, any two hashes will be approximately 50% different, and therefore, they provide no information about the data they represent. When examining two hashes, one cannot conclude anything about the relationship between the two data objects they represent—not the relative sizes of the data, the types of data, nor their degree of similarity. Table 7.10 Hashes for similar strings showing the number of bits in the hash that are different. Hashes can also be used for message integrity assuming that the communicating parties have a shared secret. For example, if Alice wants to send Bob a message and does not care about keeping the message confidential, but does care about message integrity (i.e., ensuring that any modifications to her message will be detected), she can send her message to Bob along with a HMAC (hashed message authentication code) of the message. An HMAC is the hash of a message that has been combined with a shared secret. When Bob receives the message, he can use the shared secret to generate an HMAC in the same way Alice did and compare his to the one that he received from Alice. In other words, he redoes the same calculation as Alice and verifies his results are the same. If the two HMACs match, then Bob knows the message has not been tampered with. If an adversary intercepts Alice’s message and changes it, then the HMAC that Bob will generate will no longer match the HMAC he received. The shared secret is vital in this scheme because the adversary also has the ability to modify the HMAC. However, since the assumption is that the adversary does not know the shared secret, then he will not be able to combine it with the modified message to create a valid HMAC, and this will expose his tampering. 7.2.3.3 Committing to a Secret Value “ZghOT0eRm4U9s:p/q2-q4! gfVwhuAMF0Trw:dmac” - the cracked passwords [hash:password] used by Ken Thompson and Dennis Ritchie, respectively, on an early UNIX system 4 The difference between two equal length bit strings is called the Hamming distance.
RkJQdWJsaXNoZXIy MTM4ODY=