Secure Design: Hashing

CS 493/693 Lecture, Dr. Lawlor, 2006/02/20

A cryptographic hash function H(x) is just a function that takes a piece of binary input x and returns a piece of random-looking binary output. I've prepared a series of hashing examples you should download (Directory, Zip, Tar-gzip).

For example, the SHA-1 hash (example, official standard) takes an arbitrary-length input message and spits out a 20-byte hash, regardless of how long the input was.

POSIX and Perl "crypt" (example) uses DES encryption (the old 56-bit Data Encryption Standard) as a salted hash function. The standard crypt is limited to eight 7-bit characters (which makes 56 bits) and a two-byte salt (the remaining 8 bits in a 64-bit DES round); the output is the two-byte salt and an 8-bit . It was state of the art back in the 1970s, but it's getting pretty small today.
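The two points above, fixed-size output from SHA-1 and the input limits of classic crypt, can be seen in a few lines of Python. This is an added example, not one of the downloadable lecture examples: `sha1_digest` and `hamming_distance` use the real SHA-1 from `hashlib`, while `crypt_like` only models crypt's input handling (at most eight characters, each cut to 7 bits, plus a two-byte salt) and substitutes SHA-1 for the DES-based mixing step, so its output is not interchangeable with real `crypt(3)`. All names and sample passwords are constructed for the example.

```python
import hashlib


def sha1_digest(message: bytes) -> bytes:
    """Real SHA-1 of an arbitrary-length message; the digest is always 20 bytes."""
    return hashlib.sha1(message).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings.

    Used to show the avalanche effect: a one-character change in the input
    flips roughly half of the 160 output bits.
    """
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def crypt_like(password: str, salt: bytes) -> bytes:
    """Model of classic crypt's INPUT handling (hypothetical, not real DES crypt).

    - only the first eight characters of the password are used
    - each character is reduced to 7 bits (8 x 7 = 56 key bits)
    - a two-byte salt is mixed in and prepended to the output
    SHA-1 stands in for the DES-based mixing step, so the output is
    salt + 20-byte digest rather than crypt's 13-character string.
    """
    if len(salt) != 2:
        raise ValueError("classic crypt uses a two-byte salt")
    key = bytes(ord(c) & 0x7F for c in password[:8])
    return salt + hashlib.sha1(salt + key).digest()


def verify_crypt_like(password: str, stored: bytes) -> bool:
    """Recompute with the salt stored in the first two bytes and compare."""
    return crypt_like(password, stored[:2]) == stored


def truncation_collides(long_password: str, salt: bytes) -> bool:
    """True when a password and its first eight characters hash identically,
    i.e. the characters past position 8 are silently ignored."""
    return crypt_like(long_password, salt) == crypt_like(long_password[:8], salt)


if __name__ == "__main__":
    print(sha1_digest(b"abc").hex())
    print(hamming_distance(sha1_digest(b"abc"), sha1_digest(b"abd")), "bits differ")
    print("extra characters ignored:", truncation_collides("password1234", b"ab"))
    print("different salt, different hash:",
          crypt_like("password", b"ab") != crypt_like("password", b"cd"))
```

The `truncation_collides` check is the practical consequence of the eight-character limit: anything a user types past the eighth character of a classic crypt password adds no strength at all, and two users whose passwords share the same first eight characters (and salt) end up with the same stored hash.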

Eric (Hank) Gregg pointed me to an interesting article detailing some of the (several) flaws in Microsoft LAN Manager password hashes.