Hi,

Before the famous MD5 Weakness discovery, Hash Algorithm security was underevaluated, not many good research attempts were conducted, or better not organised analysis criteria were applied.

After the MD5-Day, the most important Cryptographys Research Centers (CACR and IACR) moved to more organised Analysis Structures.

Here I wrote down some Conceptual and Practical assumptions to build a Framework for Hash Analysis

Analysis is intended to give informations about:
  • General Hash’s Architecture
  • Projectual Innovations and/or Old Unsecure Conceptual Adoptions
  • Basical Security Flow Hunting

There are various different Hash Algorithms, that not necessarily uses all the same techniques, so is Difficult to Establish Efficient Comparing Criteria. The principal attempt of this Conceptual Framework is to move the Attention Point to a superior Abstraction Level, able (or supposed to) to allow the comparison between Different Hash Algorithms.

So Framework conceptually will divide the Hash Process into:
  • Preprocessing
  • PostProcessing
  • Compression Function
  • Internal Structures (this will be divided in other SubStructures)

Actually I'm working on a pratical application of this Framework, the hash algorithm used is relatively new (FORK256) and as i could see at the moment, something similar was used to detect a big weakness in this algorithm (paper can be readed on eprint.iacr.org)

Idea is foundamentally taken from George I. Davida, Jeremy A. Hansen from Center for Cryptography, Computer and Network Security niversity of Wisconsin Works.

See you to the next post