Secure Design: Hashing
CS 493/693 Lecture,
Dr. Lawlor, 2006/02/20
A cryptographic hash function H(x) is just a function that takes an arbitrary piece of binary input x and returns a piece of binary output that looks random. I've prepared a series of hashing examples you should download (Directory, Zip, Tar-gzip).
For example, the SHA-1 hash (example, official standard) takes an arbitrary-length input message and spits out a 20-byte hash.
POSIX and Perl "crypt" (example) uses DES encryption (the old 56-bit Data Encryption Standard) as a salted hash function. The standard crypt is limited to eight 7-bit characters (which makes 56 bits) and a two-byte salt (the remaining 8 bits in a 64-bit DES round); the output is the two-byte salt and an 8-bit . It was state of the art back in the 1970s, but it's getting pretty small today.
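As an added example (not part of the lecture's downloadable materials), the Python below models the two ideas above: SHA-1 as a fixed-size, random-looking digest of arbitrary input, and a salted hash in the style of crypt, where the salt is stored next to the digest and is what keeps identical passwords from hashing to identical values. The passwords and salts are constructed sample values, and the function names are my own.

```python
import hashlib
import hmac
import os


def sha1_digest(message: bytes) -> bytes:
    """SHA-1 of an arbitrary-length message: the digest is always 20 bytes."""
    return hashlib.sha1(message).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def salted_hash(password: bytes, salt: bytes) -> bytes:
    """Salted hash in the spirit of crypt(3): H(salt || password).

    SHA-1 is used only because it is the function the notes discuss; a
    production password store would use a slow, purpose-built password hash.
    """
    return hashlib.sha1(salt + password).digest()


def make_record(password: bytes, salt_len: int = 8) -> tuple[bytes, bytes]:
    """Create a stored record (salt, digest). The salt is random but not secret."""
    salt = os.urandom(salt_len)
    return salt, salted_hash(password, salt)


def verify(password: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


if __name__ == "__main__":
    # Avalanche: a one-character change flips roughly half of the 160 bits.
    d1, d2 = sha1_digest(b"abc"), sha1_digest(b"abd")
    print(len(d1), "bytes;", bit_difference(d1, d2), "of 160 bits differ")
    # Same constructed password, two constructed salts: different digests.
    print(salted_hash(b"hunter2", b"saltA") != salted_hash(b"hunter2", b"saltB"))
    salt, stored = make_record(b"hunter2")
    print(verify(b"hunter2", salt, stored), verify(b"hunter3", salt, stored))
```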
Eric (Hank) Gregg pointed me to an interesting article detailing some of the (several) flaws in Microsoft Lan Manager password hashes.