Penetration Testing mailing list archives

Re: Cryptographic Functions


From: Steve Friedl <steve () unixwiz net>
Date: Wed, 19 Aug 2009 12:53:32 -0700

On Wed, Aug 19, 2009 at 08:31:33AM +0200, M.D.Mufambisi wrote:
Ok. Thanks. I have an SHA-1 hash of a file and the digest is
DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Is this 160 bit? How does the
output map to 160 bits?

That hash is 40 characters, and since each hex digit is 4 bits,
40 x 4 = 160 bits.

This might help:

        An Illustrated Guide to Cryptographic Hashes 
        http://unixwiz.net/techtips/iguide-crypto-hashes.html

Steve



On 8/18/09, Shailesh Rangari <shailesh.sf () gmail com> wrote:
Hi Munyaradzi,

On Tue, Aug 18, 2009 at 2:02 PM, Jeffrey Walton <noloader () gmail com> wrote:

Hi Munyaradzi,

When a passphrase is used as a key in symmetric
cryptography, how does the pass phrase map to
the key in an algorithm like AES

The passphrase should be derived using a KDF. KDFs include salts and
iteration counts. Quite a few bodies offer guidance on KDFs - NIST,
RFC, IETF, and ANSI to name a few.

how many letters correspond to 1 bit?
Don't know what you are asking here. The KDF should provide sufficient
'mixing' such that no information can be gained from 1 bit of output
(either 1 or 0 is equally probable). Otherwise, it's not a very good
KDF.


I second that.
Also, assuming that a strong Hash Function is being used, then it is
difficult to ascertain how many letter(s) would correspond to 1 bit - for
one of the essential properties of a Hash Function is that it takes in an
'Arbitrary' length of input (key, passphrase, message, etc.) and converts it
into a 'Unique', 'Fixed' length output (hash). If a key of length 128, 256 or 512
bits is hashed with SHA-1, then the output would necessarily be 160 bits
only.



Jeff

On 8/18/09, M.D.Mufambisi <mufambisi () gmail com> wrote:
Hello people.

1. When a passphrase is used as a key in symmetric cryptography, how does
the pass phrase map to the key in an algorithm like AES? i.e. how
many letters correspond to 1 bit? etc.?


Regards

Munyaradzi Mufambisi




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


-- 
Stephen J Friedl  | Security Consultant |  UNIX Wizard  | 714 694-0494
steve () unixwiz net | Orange County, CA   | Microsoft MVP |  unixwiz.net
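Added example, not code from anyone in this thread: a short Python script showing both points raised above, the salted, iterated KDF that turns a passphrase into a fixed-length AES key (so there is no "letters per bit" mapping), and the 40 hex digits x 4 bits = 160 bits arithmetic for SHA-1. The passphrase, salt and iteration count are constructed sample values, and PBKDF2-HMAC-SHA256 from the standard library is the KDF chosen here; the thread itself names no specific KDF.

```python
import hashlib

# Constructed sample values; they are not from the thread.
PASSPHRASE = "correct horse battery staple"
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # 16 bytes, fixed for reproducibility
ITERATIONS = 600_000  # work factor; raise it as hardware gets faster


def sha1_hex(data: bytes) -> str:
    """Hex digest of SHA-1: 40 hex characters, 4 bits each, 160 bits total."""
    return hashlib.sha1(data).hexdigest()


def digest_bits(hex_digest: str) -> int:
    """Map a hex digest back to its bit length (each hex digit is 4 bits)."""
    return len(hex_digest) * 4


def derive_aes_key(passphrase: str, salt: bytes, key_bits: int = 256,
                   iterations: int = ITERATIONS) -> bytes:
    """Derive an AES key from a passphrase with PBKDF2-HMAC-SHA256.

    Salt and iteration count are the KDF inputs the thread mentions; the
    output length is chosen by the caller (16 bytes for AES-128, 32 for
    AES-256) and does not depend on how long the passphrase is.
    """
    if key_bits not in (128, 192, 256):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=key_bits // 8)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def main() -> None:
    key = derive_aes_key(PASSPHRASE, SALT)
    # A one-character change to the passphrase flips roughly half the key
    # bits, which is the 'mixing' property a good KDF is expected to have.
    key2 = derive_aes_key(PASSPHRASE + "!", SALT)
    other_salt = derive_aes_key(PASSPHRASE, bytes(16))
    empty = sha1_hex(b"")
    print(f"SHA-1('') = {empty} ({digest_bits(empty)} bits)")
    print(f"AES-256 key: {key.hex()}")
    print(f"bits changed by a 1-char edit: {hamming_distance(key, key2)} / 256")
    print(f"same passphrase, other salt: {other_salt.hex()}")


if __name__ == "__main__":
    main()
```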


