Hash functions:
Exercise from last time:
MD5: produces a 128 bit hash string, or 2^128 possible values
2^128 = 340282366920938463463374607431768211456 possible 16 byte strings
So about 5444517870735015415413993718908 GB of storage needed
divide in half for compression, by 100 GB per hard disk, divide by 6 billion:
4537098225612512846, (4.5 quintillion), 100 GB hard drives for each person on earth to store the data.
The good news: if we harness over half of the total power output of the sun, we could run all of the hard drives. It might contribute to global warming but that's just conjecture.
Exercise 1): check my calculations and approximately how much power to run all of those hard drives?
The BSD and Linux password algorithms are based on MD5 with an 8 byte salt.
An 8 byte salt adds lots to the hash space of straight MD5.
MD5 is also used as a "checksum" for software packages.
In old UNIX, a 56 bit keyed DES based hash function was used for passwords.
Today, 56 bit DES it is considered weak, and the old UNIX password algorithem even weaker.
Here is the BSD Linux source code to generate their MD5 based password hashes:
md5crypt.c
Symmetric Encryption:
Decyption with the same key as encryption.
Key length is considered the main strength measurement of proven algorithms.
Public Key:
Typically used for key exchange, based on trap door functions, a function that is
easy to compute in one direction but difficult to compute in reverse.
Basic idea:
pub(message) -> cyphertext, pri(ciphertext) -> message
Can also be used for digital signatures and data validation:
pri(hash(data)) -> cyphertext, pub(ciphertext) -> hash(data)
RSA: based on polynomial diffiulty of computing large prime factors of a large number.
SSL: uses RSA for key exchange, then one of several symmetric algorithms for encrypting subsequent traffic.
SSH: can also use the Diffie Hellman algorithm for the key exchange.
SSH can be used to tunnel other services through it's encrypted channel, such as the authentication portion of FTP.
SSH can also be configured to use public key encryption for login.
A clear text password free UNIX server could consist of:
SSH, SFTP, FTP, HTTPS, IMAPS, POPS, SMTPS, GPG, Openssl
On UNIX and Linux one can also create encrypted file systems.
Linux offers kernel level encryption with the correct kernel patches.
Other utilities like CFS and TCFS offer user level encryption services.
More Exercises (have these ready for the next class period):
2) Encrypt and decrypt a file with the openssl command line tool. Provide the command lines used.
3) Use the Linux kernel level services or a user level utility to create an encrypted file system on your Linux server. CFS will require you to set up NFS to mount the file system. The Linux kernel will require using the losetup and mount commands after patching or obtaining a crypto patched kernel.