讲解:41900、C、C/C++、C/C++、CWeb|Prolog

41900 – Fundamentals of SecurityProject – 2 (Week 8 – Week 12)One-Way Property versus Collision-Free PropertyIn this project you will investigate the difference between hash function’s two distinctiveproperties: one-way property and collision-free property. You are required to use the brute-forcemethod to see how long it takes to break the hash generated using each of these properties.Instead of using openssl’s command-line tools, you are required to update the C programsprovided to invoke the message digest functions in openssl’s crypto library. A sample code canbe found at the following link, it would be helpful to familiarize with the sample code:http://www.openssl.org/docs/crypto/EVP_DigestInit.html.Since most of the general hash functions are quite strong against the brute-force attackconducted on those two properties, it can take years to break them using brute-force. Hence, tomake the task feasible we reduce the length of the hash value to 24 bits. You can use any onewayhash function, but only the first 24 bits of the hash value generated will be used in this task.As explained, we are using a modified one-way hash function.One-way means that given a function output, you cannot find a matching input, exceptby trying many potential inputs and getting lucky. A collision is about finding two distinct inputswhich yield the same output, without any predefined constraint on said output.You must complete the code and run it to find out the following:1. How many trials it will take you to break the one-way property using the brute-force method?You should repeat your experiment for multiple times and report your average number oftrials.2. How many trials it will take you to break the collision-free property using the brute-forcemethod? Similarly, you should report the average.3. Based on your observation, which property is easier to break using the brute-force method?There are two skeleton programs i.e. oneway.c and collision.c provided foe this assignment.You aim is to complete the code, run it successfully and observe which property is easier tobreak using the brute-force method.The character set to be used is as follows:0123456789!\#$%&()*+-/. ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz41900 – Fundamentals of SecurityProject – 2 (Week 8 – Week 12)1. Brute force one-way property breakThe programs objective is to hit a target hash value by generating the hash for different stringsand matching it with the target hash value.The approach to generate strings and match them against a target is implemented as follows:1. Start with string length 12. Generate all possible combinations of strings for current length using the character set,generate its hash and compare it with the target hash.3. If a match is found, the execution stops and reports the number of iterations used.4. If no match is found in all possible strings of current length, increment length by ‘1’ andgo to step (2)The brute force code is used in the one way property break program oneway.c to generatestrings In a systematic manner, exhausting all possibilities for a given length (starting with 1), andincrementing the length if no match was found. You can refer to oneway.c program for 77characters to be used for further processing in one way property.The oneway.c should be executed a minimum of five times to find out the average number oftries required to match the target hash.2. Bute force collision free property breakIn the case of collision free property, there is no restriction on target hash. The approach followedin the collision.c program to break this property is as follows:1. Allocated an array for saving hash values2. Generate initial message (call it M)3. Find M’s hash4. Generate random string and find its hash5. Compare hash from (4) to M’s hash, if a match is found then exit and report the numberof iterations used.6. Compare hash from (4) to each hash value in array, if any match is found then exit andreport the number of iterations used.7. If no match is found, save the hash from (4) into the array and go to step (4)To break the collision free property, you just need to find two messages with matching hashvalues. Matching the random string’s hash value to an initial hash as well as saved hash value (inthe array) increases the probability of finding hash value with less number of iterations.Execute the collision.c program five times to find the average number of iteration required.41900 – Fundamentals of SecurityProject – 2 (Week 8 – Week 12)Instructions for compiling and running the program:To compile:$ gcc –o oneway oneway.c –lcrypto –ldl –std=c99$ gcc –o collision collision.c –lcrypto –ldl –std=c99To run the code:$ ./oneway md5$ ./collision md5Marking Criteria:Total Weightage: 20%Criteria Incomplete Work Partial Work Full WorkProgram Completeness0 Points 4 Points 7 PointsProgram Submittedwithout any changesProgram Modified, but missingcertain componentsProgram contains allessential components.ProgramFunctioning0 Points 3 Points 5 PointsProgram does notcompile / runProgram calculates ciphertextbut can’t find a matchProgram calculatesciphertext and finds a matchDemo andQuestionnaire0 Points 4 Points 8 PointsUnable to answerquestions.Able to partially answer thequestions. Able to answer all questions.转自:http://ass.3daixie.com/2018100277782091.html

你可能感兴趣的:(讲解:41900、C、C/C++、C/C++、CWeb|Prolog)