Mercurial Mercurial > hg > sen-material / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
handouts/ho01.tex
changeset 175 4ebc97e6fdf0
parent 174 e2180cead443
child 176 5336ad2fd3fa 
--- a/handouts/ho01.tex	Wed Sep 24 23:35:47 2014 +0100
+++ b/handouts/ho01.tex	Thu Sep 25 00:24:41 2014 +0100
@@ -257,6 +257,64 @@
 chicken-and-egg problem). So encryption seems to not solve the
 problem we face with the integrity of our counter.
 
+Fortunately, \emph{hash function} seem to be more suitable for
+our purpose. Like encryption, hash functions scrambles data
+but in such a way that it is easy to calculate the output of a
+has function from the input. But it is hard (i.e.~practically
+impossible) to calculate the input from knowing the output.
+Therefore has functions are often called one-way functions.
+There are several such hashing function. For example SHA-1
+would has the string \pcode{"hello world"} to
+
+\begin{center}
+\pcode{2aae6c35c94fcfb415dbe95f408b9ce91ee846ed}
+\end{center}
+
+\noindent Another handy feature of hash functions is that if
+the input changes a little bit, the output changes 
+drastically. For example \pcode{"iello world"} produces under 
+SHA-1 the output
+
+\begin{center}
+\pcode{d2b1402d84e8bcef5ae18f828e43e7065b841ff1}
+\end{center}
+
+\noindent That means it is not predictable what the output
+will be from input that is ``close by''. 
+
+We can use hashes and store in the cookie the value of the
+counter together with its hash. We need to store both pieces
+of data such we can extract both components (below I will just
+separate them using a \pcode{"-"}). If we now read back the
+cookie when the client visits our webpage, we can extract the
+counter, hash it again and compare the result to the stored
+hash value inside the cookie. If these hashes disagree, then
+we can deduce that cookie has been tampered with.
+Unfortunately if they agree, we can still not be entirely sure
+that not a clever hacker has tampered with the cookie. The
+reason is that the hacker can see the clear text part of the
+cookie, say \pcode{3}, and its hash. It does not take much
+trial and error to find out that we used the SHA-1 hashing
+functions and then graft a cookie accordingly. This is eased
+by the fact that for SHA-1 many strings and corresponding
+hashvalues are precalculated. Type into Google for example the
+hash value for \pcode{"hello wolrd"} and you will actually
+pretty quickly find that it was generated by \pcode{"hello
+wolrd"}. This defeats the purpose of a hashing functions and
+would not help us for our web-applications. The corresponding
+attack is called \emph{dictionary attack}\ldots hashes are not
+reversed by brute force calculations, that is trying out all
+possible combinations.
+
+
+There is one ingredient missing, which happens to be called
+\emph{salt}. The salt is a random key, which is added to the
+counter before the hash is calculated. In our case we need
+to keep the salt secrete.  
+
+\begin{figure}[p]
+\lstinputlisting{../progs/App3.js}
+\end{figure}
sen-material