.png)
.png)
A system that is supposed to provide security needs some very serious security protocols to avoid getting breached. The hash has some very interesting properties to fully perform its security functions. Some of them are its collision resistance, preimage resistance and second preimage resistance. I’ll talk about each of them in detail.
Hash Collision and Collision Resistance
To understand what collision resistance is, you first need to understand what a collision is. In a way in English, collision can be understood as a misunderstanding or disagreement. Technically speaking with hash, a collision occurs when two different inputs produce the same output (hash). If you’re able to find two different inputs that output the same hash, a hash collision is said to have occurred. For a hash function with more inputs than outputs, a collision would’ve occurred.
Collision resistance is a property of collision resistance hash function to avoid or minimize the probability of the occurrence of collision. Collision resistance doesn’t mean collision doesn’t exist. It just means the chances of them occurring are very low. Collision occurrence is not absolutely impossible.
In our modern day today, cryptographic hash functions are being designed to be collision resistant. However only a few of them are actually completely so. The MD5 and SHA-1 use techniques for finding collisions that are more efficient than brute force. Provably Secure functions have proven that finding collisions is comparatively as hard as solving enigmatic mathematical problems like integer factorization.
Preimage and Resistance to Preimage
In math, preimage is a set of elements of a domain, a, that map to the same element in the codomain, b, after passing through a function H(a) = b.
For a hash function, a preimage is a set of all input values that produce the same output(hash) after passing through a hash function. See, just like math. Hash functions need to operate in a way that it would be almost impossible to find the input that produced a certain hash even if you know the hash produced. That is where preimage resistance comes into play.
Preimage resistance is the property of a function that makes it practically impossible to find the input that produced hash using the hash. This would suggest a kind of way-one operation where inversion shouldn’t be possible. Inversion is the processing or retrieving a preimage value of a hash function. So if I gave you a message digest like 0592F5DD27DC72E675B2AB9C77487A69FAAF84196597FA052EC099C18EE7C4C5 it shouldn’t be possible for you to find the input that produced this hash.
Taking the MD5 as an example, it can produce at least 2128 values. This is a very huge number and even with the resources and computational power we have today, it will take you a very long time to even go through all possible hash values, let alone find the ONE input value that produced an MD5 hash provided. If a computer could brute force 10,000,000 hash in 1 second, it still will take septillion years to go through all possible hash values.
.png)
Tronscan
• I first started by visiting the homepage tronscan.org
.png)
• Then on the homepage I scrolled to the bottom until I could see Blocks, More and Transactions like seen circled blue in the image below.
.png)
• Looking at the time the blocks were created I identified that the last block was the one on top and to explore the details of the last block, I clicked on the block number. It opened up to show me details of the block like the block number, hash, who it was produced by and a lot more information about the block. The block number of the last block at the time of my research was 31743744 and the hash was 0000000001e45f00b3cbea602b0b16ab48fcbcc363feb36f1b8b395ea63ee369 as can be seen circled in the image below.
.png)
• To verify the hash of the last transaction, I returned to the homepage, scrolled down once again to transactions and clicked on the last transaction with hash a6f519fdda6f3d40844c8c3ce0f20d6e617e17c3e8b133cdb739e04c31bc668a which is circled blue in the diagram below. This page also contained transaction details like number of blocks the transaction was confirmed by and the result of the transaction.
.png)
Etherscan
• I headed to etherscan.io to verify the hash of the last block and hash of the last transaction. On the homepage, I could see a section written Latest Blocks and Latest Transactions circled in red in the diagram below.
.png)
• I clicked on the block number of the last block to reveal details of the block. The last block at the time of my research had block number 12783685
.png)
• I scrolled to the bottom to find the hash of the last block to be 0x8ee2a67231b9840cb1d9eaf62e75c61ece5556947b1070c6945d0887e224499e
.png)
• I then went back to last page and clicked on the last transaction to verify the hash of the last transaction. The last transaction had the hash 0x58df7b550a5947d9e9a414ef318f4ab1042ff362069e9d71224faec1fcba517b
.png)
.png)
• First, I opened the hash generator site using the link SHA-256 given by professor @pelon53. It has a simple interface and I’m sure this is why teacher chose this site.
.png)
• Next, I enter the first word “CryptoAcademy” in the text section. The Hash of the word is immediately generated after I entered it. The word “CryptoAcademy” has hash to be D03CA34B258E6E0FD06B2070DDE61B50BD4EEF6161A8EDAA4A420C9AE1BEB7F9
.png)
• For the second word, I enterd “cryptoacademy” in the text section and the hash was generated to be 0592F5DD27DC72E675B2AB9C77487A69FAAF84196597FA052EC099C18EE7C4C5
.png)
The hash difference between these two closely related words shows that hash is case sensitive and explains how hash resists collision by generating different hash for even these 2 words with difference in only the cases of 2 letters, C and A. For security, the hash function pays attention to the smallest details of input to produce a unique hash for each entry thereby being collision resistant and reduces the chances of a collision occurring.
.png)
In the course of this homework task, we can tell that hash and crypto are 2 different entities that are closely related. Cryptography has to do with protecting information using codes.
I’m going to tell you a little story about how I’ve seen cryptography used in a movie and how it would’ve gone if hash was used. The movie is called The Imitation Game. The fate of the British winning an all-out war with the German lies in the hands of a group of mathematicians who have to work to decode radio messages containing attack coordinates sent from the German base. They solve this code using cryptography to decipher the German Enigma code.
Cryptography allows us to encrypt and decrypt information privately. The Germans used cryptography to encrypt these messages to be decrypted by other German soldiers at another camp if they had the key. Now if the messages were hashed, it should’ve been practically impossible for the British to be able to intercept and decode these messages as the collision and preimage resistance of hash wouldn’t allow inversion for the British soldiers to be able to even trace back the inputs that generated the hash.
Unlike cryptography being a two-way function where we can encrypt and decrypt messages, Hash is one way involving scrambling information to produce a unique hash or message digest. Hash is an application of cryptographic functions.
Conclusion
It always puzzled me how the same word in a different case wouldn’t be accepted as password just because the password was saved in a different case. From this lecture and homework task given by professor
@pelon53, I am finally able to understand how sites have passwords that are case sensitive in a sense that entering your password in a different case than saved is not accepted. This is because even though they're the same word, the case difference makes them have different hash due to the collision resistant nature of hash.
I have also learned about the security features like collision resistance, preimage resistance and second preimage resistance which gives the hash its security.
A very important thing I have learnt in my research for this homework assignment is how to verify the hash of not only the last block and transaction but the hash of any block or transaction I would like to investigate.
I want to thank professor @pelon53 for this wonderful lecture that helped me understand some practical enigmas in my everyday internet use.
Gracias por participar en Steemit Crypto Academy Season 3:
Espero seguir leyendo tus publicaciones.
No coincide el último bloque con el bloque del hash de la transacción.
Me gustó la historia de la película: The Imitation Game. Pero faltaron algunas diferencias como la longitud del hash siempre es la misma, más no en criptografía.
Recomendaciones:
Calificación: 7.5