ecy5maa Posted February 1, 2012 Posted February 1, 2012 Suppose Bob produced document m and h(m) using a hash function h which is known publicly. (a) Bob sends {m, h(m)} to Alice over the Internet. Can Alice verify that m has not been tampered with (say during its transit over the Internet)? Explain. My answer: I assume Alice can verify that m has not been tampered with, since h(m) should still compute correctly regardless of whether a replay attack has occurred or not. SO yes Alice can check message tampering. Can anyone let me know if this is correct?
Cap'n Refsmmat Posted February 1, 2012 Posted February 1, 2012 You're correct that it doesn't protect against replay attacks. But can an attacker manipulate the message without a replay attack, and still produce a valid hash? Think about that for a bit.
ecy5maa Posted February 1, 2012 Author Posted February 1, 2012 hmm...I would assume that it cant unless its some sort of clever hack where the message is corrupted via bits that cancel each other? I think that should then have no effect on the hashed value. Is that correct?
Cap'n Refsmmat Posted February 2, 2012 Posted February 2, 2012 If the hash function is known publicly, can't the malicious interceptor just hash the altered message? I could easily intercept {m, h(m)} and replace it with {n, h(n)}, where n is my evil replacement message.
ecy5maa Posted February 2, 2012 Author Posted February 2, 2012 Ohh yes. Off-course!. Alice would have no way of knowing the message is tampered with as she would believe message=n. But what i said about 2 bits cancelling does that make sense too?
Cap'n Refsmmat Posted February 2, 2012 Posted February 2, 2012 It's possible, but the point of cryptographic hash functions is that it is very, very difficult to generate a message that produces a given hash. That's called a preimage attack, and it basically requires brute-forcing it: try a bunch of messages until you get one which has the right hash. It takes a very, very long time.
ecy5maa Posted February 2, 2012 Author Posted February 2, 2012 Fair enough. Thank you!! Now if u can help me with the second part as well..i will be great full. (a) Bob gives {m, h(m)}to Alice directly (face to face), can Alice be sure that there was no tampering by a third party? Ans: Similar to the first part, i would think that even if Bob gave Alice the message face to face.....she would have no way of knowing what the original message was so cannot know if the message was tampered with by a third party. She would have to accept the message that she receives as the original message.
Cap'n Refsmmat Posted February 2, 2012 Posted February 2, 2012 Yes. Of course, if she trusts Bob, and Bob says it's the correct message...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now