Hi Marcin Latosiewicz,Thanks

Athul Chandran · ‎04-16-2015

Hi All,

As we are all aware that HASHing is user to verify integrity in cryptography. I have a query about hashing.

Suppose a man in the middle attacker manipulates the data and creates new HASH (by running algorithm on manipulated data) using the same hashing algorithm (becausehashing algorithms are universal algorithms) and send it along with the manipulated data to the receiver.when receiver runs the algorithm on manipulated data, it gets the same HASH ( HASH created by the attacker) and though integrity will be verified. But actual data has been manipulated/modified and integrity is compromised.

Is it possible? and if it is possible how can we eliminate this problem (solution for the same)?

Regards,

AC

Marcin Latosiewicz · ‎04-17-2015

Oh boy, where do we start.

In general if you have cleartext and a hash (MD5/SHA), yes an attacker could send his own clear text and generate a hash provided they deduced what kind of hashing is it.

(Looking at IPsec) we're using HMAC not "simple" hashing.

https://en.wikipedia.org/wiki/Hash-based_message_authentication_code

https://en.wikipedia.org/wiki/Cryptographic_hash_function

So the key in practice, if I may simplify it, is to mix into hashing material that the two parties know about.

Athul Chandran · ‎04-17-2015

Hi Marcin Latosiewicz's,

Your comment is not visible. why?

Regards,

AC

Athul Chandran · ‎04-17-2015

Hi Marcin Latosiewicz,

Thanks for your info .... :)

can you explain how HMAC works in IPSec? i know HMAC attaches secret key to HASH. But whats that secret key? and how it is created? and how it passes to another peer (responder)?

Thanks

AC

Integrity compromised - HASH modified.