Category: Theoretical Security

Hashing, fast and slow

Integrity is an important consideration for security assurance. In this article I will explore why hash functions matter and introduce a related class of function, the Key Derivation Function (KDF).

Fast hash functions

In a digital setting we would like to know that a file we are given is the one we expect. Part of that assurance comes down to whether we trust the source of the file; hash functions, however, are a technical control that helps us confirm that the file we just obtained is the file the source intended to send. This matters because data can be corrupted in transmission and because an attacker may try to modify a file while it is in transit. More sophisticated scenarios (for example an attacker who can also replace the published hash) are ignored for the purpose of this illustration.
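The following is an added example, not code from the original article: it shows the integrity check described above in Python, using SHA-256. The sample file contents, the "published" digest and the SHA256SUMS line are all constructed here for the demonstration. It also shows what happens to the digest when a single bit of the file is flipped, which is the transmission-error or tampering case the paragraph describes.

```python
import hashlib
import hmac

# Constructed sample "file" contents for the demonstration (not from the article).
ORIGINAL = b"firmware image v1.2\n" + bytes(range(256)) * 4

def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as lowercase hex."""
    return hashlib.sha256(data).hexdigest()

def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Compare the digest of data against the published digest.

    hmac.compare_digest avoids an early-exit string comparison. Note the caveat:
    a match only shows the bytes agree with the published digest; it says nothing
    about whether the party that published the digest is trustworthy.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())

def parse_sha256sums(line: str) -> tuple[str, str]:
    """Parse one line in the 'sha256sum' output format: '<hex>  <filename>'."""
    digest, _, filename = line.strip().partition("  ")
    if len(digest) != 64 or not filename:
        raise ValueError("malformed SHA256SUMS line")
    return digest.lower(), filename

def flip_one_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error or deliberate tampering."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)

def hamming_distance_hex(a_hex: str, b_hex: str) -> int:
    """Count the bits that differ between two hex digests."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")

if __name__ == "__main__":
    published = sha256_hex(ORIGINAL)                    # what the source publishes
    sums_line = f"{published}  firmware.bin"            # constructed SHA256SUMS entry
    digest, name = parse_sha256sums(sums_line)
    print(name, "ok" if verify_integrity(ORIGINAL, digest) else "MISMATCH")

    # One flipped bit in the payload: the digest changes in roughly half its bits.
    damaged = flip_one_bit(ORIGINAL, byte_index=40, bit=3)
    print("damaged copy:", "ok" if verify_integrity(damaged, digest) else "MISMATCH")
    print("bits differing in digest:", hamming_distance_hex(published, sha256_hex(damaged)))
```

Usage: put the digest from the vendor's SHA256SUMS file through parse_sha256sums and the downloaded bytes through verify_integrity; any mismatch means the bytes you hold are not the bytes the digest was computed over, whatever the cause.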

It may look complex and unpredictable but is it really?

A key idea in security is unpredictability. If I can’t guess your password, then it ought to be secure. That is almost true, except that the problem isn’t whether I (as a human) can guess your password but whether a computer can iterate through all plausible passwords and reach yours within a short enough timeframe. It is a mistaken assumption that a password which is hard for a human to guess is therefore a good password. I heard an anecdote that went something like: “My password is ‘JohnSmith’. No one will guess that because my name is Bill Jones.” That line of thinking only considers whether someone who knows you is likely to guess the password; a machine working through lists of common names does not need to know you at all.
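As an added example (not part of the original post), the script below makes the "a computer iterates through the candidates" point concrete. It builds a tiny, constructed wordlist of first names and surnames, enumerates FirstnameSurname guesses against a stored hash, and counts how many guesses it takes to reach “JohnSmith”. It runs the same search against an unsalted fast hash (SHA-256) and against a deliberately slow KDF (PBKDF2-HMAC-SHA256, with an iteration count lowered from production values so the demo finishes quickly) so the per-guess cost difference is visible; the wordlists, salt and iteration count are all assumptions made for the demonstration.

```python
import hashlib
import itertools
import time

# Constructed mini wordlists (real attacker lists hold millions of entries).
FIRST_NAMES = ["Bill", "John", "Mary", "Jane", "Ahmed", "Chen", "Olga", "Ravi"]
SURNAMES = ["Jones", "Smith", "Garcia", "Lee", "Kim", "Patel", "Brown", "Nguyen"]
DEMO_SALT = b"constructed-demo-salt"   # per-user random salt in real systems

def candidate_passwords():
    """Yield FirstnameSurname guesses in list order: 8 x 8 = 64 candidates."""
    for first, last in itertools.product(FIRST_NAMES, SURNAMES):
        yield first + last

def fast_hash(password: str) -> bytes:
    """Unsalted SHA-256: cheap per guess, which is exactly the attacker's wish."""
    return hashlib.sha256(password.encode()).digest()

def slow_hash(password: str, salt: bytes = DEMO_SALT, iterations: int = 50_000) -> bytes:
    """PBKDF2-HMAC-SHA256, a KDF tuned to cost the attacker time on every guess.
    The iteration count here is an assumption chosen so the demo runs fast."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def crack(target: bytes, hasher, candidates):
    """Try candidates until one hashes to target.
    Returns (password, guesses) or (None, guesses) if the list is exhausted."""
    guesses = 0
    for pw in candidates:
        guesses += 1
        if hasher(pw) == target:
            return pw, guesses
    return None, guesses

def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second

def cost_per_guess(hasher, samples: int = 10) -> float:
    """Rough wall-clock seconds per hash evaluation for this hasher."""
    start = time.perf_counter()
    for i in range(samples):
        hasher(f"probe{i}")
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    secret = "JohnSmith"   # the anecdote's password, owned by "Bill Jones"
    for label, hasher in (("fast SHA-256", fast_hash), ("PBKDF2 KDF", slow_hash)):
        found, n = crack(hasher(secret), hasher, candidate_passwords())
        print(f"{label:12s}: found {found!r} after {n} guesses, "
              f"~{cost_per_guess(hasher) * 1e6:.0f} us per guess")
    # Iterating a full keyspace instead of a wordlist: 8 lowercase letters at
    # an assumed 10^10 SHA-256 guesses/second on a GPU rig.
    print("26^8 lowercase, 1e10 guesses/s:",
          f"{seconds_to_exhaust(26, 8, 1e10):.1f} s worst case")
```

The name-based password falls on guess ten with either hash; the KDF does not make a guessable password unguessable, it only multiplies the attacker's cost per guess by the iteration count. The defence against the anecdote's reasoning is a password outside any list a machine would try, and the KDF is what makes each remaining guess expensive.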
