[Solved] IV1013-Assignment2-One-Way Hash Function and MA

1 IntroductionThe learning objective of this lab is for students to get familiar with one-way hash functions and Message Authentication Code (MAC). After nishing the lab, in addition to gaining a deeper understanding of the concepts, you should be able to use tools and write programs to generate one-way hash value and MAC for a given message. See the Grading section at the end for information about the marking for this lab.2 Lab Tasks2.1 Generating Message Digest and MACIn this task, we will experiment with various one-way hash algorithms. You can use the following openssl dgst command to generate the hash value for a le. To see the manuals, you can type man openssl and man dgst.% openssl dgst dgsttype filenameReplace the dgsttype with a specic one-way hash algorithm, such as -md5, -sha1, -sha256. In this task, you should try these three algorithms (MD5, SHA1 and SHA256). Create a le consisting of your KTH email address in the format [email protected], with UTF-8 encoding. Generate message digests for this le with all three algorithms.Question 1. Describe your observations. What differences do you see between the algorithms?Question 2. Write down the digests generated using the three algorithms.2.2 Keyed Hash and HMACIn this task, we would like to generate a keyed hash (i.e. MAC) for a le. We can use the -hmac option (this option is currently undocumented, but it is supported by openssl). The following example generates a keyed hash for a le using the HMAC-MD5 algorithm. The string following the -hmac option is the key.% openssl dgst -md5 -hmac abcdefg filenameIV1013 One-Way Hash Function lab 1Generate a keyed hash using HMAC-MD5, HMAC-SHA256, and HMAC-SHA1 for the le created in Section 2.1. Try several keys of different length.Question 3. Do we have to use a key with a xed size in HMAC? If so, what is the key size? If not, why?Question 4. Now use the string IV1013-key as the secret key and write down the keyed hashes generated using the three algorithms.2.3 The Randomness of One-way HashTo understand the properties of one-way hash functions, we would like to do the following exercise for MD5 and SHA256:1. Generate the hash value H1 for the le created in Section 2.1.2. Flip the rst bit of the input le (e.g. 01100001 11100001). You can achieve this modication using a binary editor such as ghex or Bless.3. Generate the hash value H2 for the modied le.4. How similar are H1 and H2?Question 5. Describe your observations. Count how many bits are the same between H1 and H2 for MD5 and SHA256 (writing a short program to count the same bits might help you). In the report, specy how many bits are the same.2.4 Collision ResistanceIn this task, we will investigate collision resistance of the hash function. The task is limited to weak collisio resistance. We will use the brute-force method to see how long it takes to break this property. Instead of using openssls command-line tools, you are required to write your own Java program. Get familiar with the provided sample code and feel free to use its parts in your solution. The code uses the MessageDigest class from the java.security library. You can nd more information about this class at the ofcial web documentation: https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html. Since most of the hash functions are quite strong against the brute-force attack on collision resistance, it could take us years to break them using the brute-force method. To make the task feasible, we reduce the length of the hash value to 24 bits. In this task, work with the SHA256 one-way hash function, but use only the rst 24 bits of the hash value. Namely, we are using a modied one-way hash function. Please design an experiment to answer the following questions:Question 6. Investigate how many trials it will take to break the weak collision property using the bruteforce method. Below is a list of ve messages. For each message, report how many trials it took before you could nd a message with the same hash. IV1013 security Security is fun Yes, indeedIV1013 One-Way Hash Function lab 2 Secure IV1013 No way