RESPONSES ASSIGNMENT

Finally, in responding to your peers’ posts, assess your peers’ recommendations and discuss how these functions relate to providing a secure means of communicating. BUT respond according to the post if need be.

          1. The massive growth of access to information is on the rise each and every day making the handling of information and data one of the major priorities in our information technology world. To secure our information, a sender uses a hash key to encrypt the data being sent, whiles the receiver on the waiting end decrypts the data using the same hash key. This means that hashing serves as an authentication tool for both sender and receiver of the data. However, the recent attacks on cryptography continue to threaten the security of our information. Random hashing has proved to be useful in recent times although it does not stop an attacker from attacking it makes it very difficult and complex and almost impossible. Randomizing in hash ensures that a hash function is picked at random or in other words, uses a random salt value in the random process before implementing the underlying hash function. (Lemire D., 2012)

Hashing comes in handy in securing our communication. It gives us the assurance that data has not been tampered with by using the hash key to verify the integrity of the data. Also, as it assures as that data has not being tempered with it also alerts us if data has been tampered with this way we can ignore and flag such data. (Ashfield D., 2013)

Hash is an essential component in cryptographic, for the last two decades it is being used for cryptography in securing electronic communication on an internet network.

        2. Hashing is a great tool when using encryption. This allows the person that is sending the data and the person that would receive the data to be able to know that the message hasn’t been altered. If the hashing uses common stings of number, like 123456789, an outsider can break this hash very quickly. But if the hash is 1@5T$36*&(oP, well, this would make the message more difficult for interception. This goes a long with the same concept of using passwords that don’t follow a dictionary, and are random, the more random the better.

     If I were to send a piece of data out, I would want random hashing to take place. Above, where I mentioned that using 123456789,  wouldn’t be a great hash, because it can easily be intercepted and deciphered (there are people that have equipment that can do just this). I would want something along the lines as Uc@n^TR#@dTh!$, because in order to decipher my message you would have to know the exact characters and line, meaning that my data would stay safe, and as long as it matches up on the other side, we (the parties involved) would know that my message wasn’t altered. There are even Salting schemes that can be added at the end, with random characters, just to throw off unwanted eyes.

      3. Randomness and random numbers are essential to hashing because using predictable (non-random) numbers as either a secret key or as an initialization vector increases the likelihood of the key being broken and thus a message being compromised.  Our author explains this as follows – “To prevent a key from bring guessed, keys need to be randomly generated and contain sufficient entropy; entropy being a measure of randomness.  The problem of how to safely generate truly random keys is difficult…” (Jacobs. S, 2011). 

An example of this problem can be seen with the now-deprecated WEP algorithm used to secure 802.11 Wi-Fi connections.  One problem with the algorithm is found in the Initialization Vector, or IV (note that IVs are also shown in the diagrams found in chapter 3 of Jacobs, but never really explained).   “The IV is pseudo-randomly generated for each frame…  The IV and WEP key are used to create something called a keystream…  At 24 bits, this IV is a short value, which can result in duplicate IVs on a network.  When a duplicate is identified, the cipher text of two frames can be compared and used to guess the keystream that created the cipher text” (McClure, et. al., 2012).  

Now this should not happen with a proper hash, which should be “computationally infeasible to discover the input from the output” (Jacob. S, 2011); However, we are also told that both MD5 and SHA-1 are no longer considered cryptographically secure.  However, the case of WEP demonstrates the problem with both non-randomness and short keys in any encryption scenario.

       4.I had a teacher years ago once tell me a computer can not do random.  Here we are talking about how randomness plays a role in the context of message digest functions.  Dr. Mads Haahr writes in an article discussing randomness, "With the advent of computers, programmers recognized the need for a a means of introducing randomness into a computer program. However, surprising as it may seem, it is difficult to get a computer to do something by chance" (Haahr, 2017).  This being said one recognizes the random is in the program and how the computer is told to make a random code.  James McGlinn states, "A hash (also called a hash code, digest, or message digest) can be thought of as the digitial fingerprint of a piece of data.  You can easily generate a fixed length has for any text string using a one-way mathematical process" (McGlinn, 2007).  Now tieing the two together a good hash should have collision resistance.  That is according to Dan Cornell, "Given two messages m1 and m2, it should be "hard" to find a has such that hash (k,m1) =hash(k,m2), where k is the hash key" (Cornell, 2007).  The K must be a random number in such that it is almost never used a second time when comparing two messages.  The final message with strong keys should not be recognizable or decipherable.

This allows for a more secure communications

5. Randomness is the attribute that supplies the true strength in hashing.  Randomness makes it very difficult, hopefully impossible, to find patterns and to determine the key. In short, the more random, the more difficult to break.  While casual observation would point toward the strength of the algorithm, there is a school of thought that states the algorithms themselves should be public, while the key is secret.  Summarized in Kerchoff's Principle, this school of thought appears to be working in the real world. (1)   

Randomness is relatively difficult to generate, given that both humans and computers are, by nature, methodical, deliberate, and systemic,  Given the importance of randomness to hashing and encryption, and the diffiulty of systemiclly creating randomness, many governing bodies have etablished standards for creating it.  ANSI, NIST, ISO, all have standards to assist hardware and software developers build in randomness.  For example, NIST's standard is 800-90. (2) 

           The importance of randomness can be seen in historical instances where a lack of it allowed one side to determine what the other side was doing.  (While some have to do with encryption, the point on randomness is still valid.)

(1) Battle of Midway - The US Navy was close to breaking the enemy code on the brink of this decisive battle.  To nail down its codebreaking, it sent  message in the clear about problems with Midway's water system.  When soon after they intercepted a message with the suspected code for "Midway" discussed water problems, they knew they had broken the code.  (3) 

(2) Breaking the German Enigma code.  Allied codebreakers were able to achive their first successes when they realized that remote German bases would basically send the same message every day, "Nothing new to report."  Having this small amount of "before-and-after" data allowed the codebreakers to dramatically reduce the number of possible combinations for the brute force attacks. (4) 

(3) Venona Project - During the cold war, US codebreakers were able to break Soviet one-time cyphers because the Soviets used identifiable patterns (5)

            Hashing can be used to electronically "stamp" documents and files to prove they have not been altered or changed in any way.  When the world was hard copy, paper based, physical stamps could be applied to documents or files and referencing the stamp would prove to all users it was the authentic document.  Hashing's ability to ensure integrity has a number of both general and specific use cases:

General:

(1) File integrity - Create a hash of important files can be used to determine if they have been altered.

(2) Passwords - Hashs of passwords can be created. 

Specific Uses:

Hashing has become a widespread means of verifying file and data integrity with regards to criminal evidence.  In fact, when dealing with large amounts of data, courts have an expectation that hashing will be used. (6)  Forensic professionals can use hashing for:

(1) Proving that an examined document has not been altered.

(2) Authenticating evidence used in court.

In summary, electronic hashing has replaced use of manual stamps that used numbering series and initials.  

6.Producing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

Hashes play a role in security systems where they're used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact.

Hashing is also a common method of accessing data records.

 For practice, efficiency considerations beyond constant factors are important. It is not hard to construct very efficient 2-wise independent classes. Using k-wise independent classes for constant k bigger than 3 has become feasible in practice only by new constructions involving tabulation. This goes together well with the quite new result that linear probing works with 5-independent hash functions. Recent developments suggest that the classification of hash function constructions by their degree of independence alone may not be adequate in some cases. Thus, one may want to analyze the behavior of specific hash classes in specific applications, circumventing the concept of k-wise independence. Several such results were recently achieved concerning hash functions that utilize tabulation. In particular if the analysis of the application involves using randomness properties in graphs and hypergraphs (generalized cuckoo hashing, also in the version with a "stash", or load balancing), a hash class combining k-wise independence with tabulation has turned out to be very powerful."

PLEASE READ THIS.IT IS VERY IMPORTANT

Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points.  You must discuss the topic using your own words first.  Using your own words indicate you understand the topic of discussions.  Secondly, you must cite your sources in-text.  This is necessary to justify your points. Sources from several sources showed good research abilities.  Lastly, you must provide references at the bottom of your post.  A discussion post without justification with sources does not show proper research abilities. A terse and not detailed discussions represent post that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this.  You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.

www.citationmachine.net to format references into the APA style if necessary. Extremely important. Intext citations is very essential and highly needed as well.

use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements: 2 PARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone’s work, very important and your reference should relate to your writing (don’t cite a reference because it relates to the course and not this very paper) at least 2 current and relevant academic references. No heavy paraphrasing of others work.