<div class="alert alert-block alert-info">
<span style="color:black">             
<h1> MODULE 2.1 - Hashing </h1>
<h2>Overview</h2>

Hash functions are a key component of many cryptographic functions. 
    
In this lab you will look at generating hash digests from the Linux command line and in Python scripts.

This lab has 5 sections
* Running Linux shell commands from Jupyter Notebook
* Hashing using openssl
* Properties of cryptographic hash functions
* Blockchain Proof-of-Work
* A simple XOR-based "hash" function


<div class="alert alert-block alert-info">
<span style="color:black">
    <h3>Getting Started</h3>

<div class="alert alert-block alert-info">
<span style="color:black">
    In Jupyter Notebook, you can execute Linux shell commands, by prefixing them with the "!" character

In the cell below, list the current directory. Use !ls

In [1]:
!ls

CYBR504-JupyterLab-Intro.ipynb M2.3-protocols.ipynb
[34mIP_TRACK_venv[m[m                  encryption_1.ipynb
M1_key_generation.ipynb        ip_find.py
M1_random_numbers.ipynb        ip_jup.ipynb
M1_side_channel_attacks.ipynb  is_vpn.py
M2.1-hashing_basics.ipynb      my_current_ip.py
M2.2-hashing_sql.ipynb


<div class="alert alert-block alert-info">
<span style="color:black">
    Now try getting the first line of the password file. Hint: cat /etc/passwd | head -1

In [2]:
!cat /etc/passwd | head -1

##


<div class="alert alert-block alert-info">
<span style="color:black">
    you can pass variables to shell commands by prefixing the variable name with a "$"

Try running the cell below

In [3]:
filter="/bin/bash"

! cat /etc/passwd | grep $filter

_mbsetupuser:*:248:248:Setup User:/var/setup:/bin/bash


<div class="alert alert-block alert-info">
<span style="color:black"
The openssl command provides many cryptographic related functions. To get information about generating hash values, use:
<br>    `openssl dgst --help`
<br>To generate has values, use openssl of the form:
<br>`openssl dgst -DIGEST_NAME FILE_TO_HASH`
<br>For example `openssl dgst -sha256 /etc/passwd`
<br>You can also use input from stdin, for example:
<br>`cat /etc/passwd | openssl dgst -sha256`
<br><br>Open a cell below and try this (Don't forget to add the "!" at the beginning)

In [20]:
!cat /etc/passwd | openssl dgst -sha256

SHA2-256(stdin)= bbb5b41faf87dc348dfc4def35fde32a0bf5f6c3f788b46836d735b11496abd4


<div class="alert alert-block alert-info">
<span style="color:black">
    To see a list of the available digests use the `openssl list -digest-commands`

In [4]:
!openssl list -digest-commands

openssl:Error: 'list' is an invalid command.

Standard commands
asn1parse         ca                certhash          ciphers           
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               errstr            gendh             
gendsa            genpkey           genrsa            nseq              
ocsp              passwd            pkcs12            pkcs7             
pkcs8             pkey              pkeyparam         pkeyutl           
prime             rand              req               rsa               
rsautl            s_client          s_server          s_time            
sess_id           smime             speed             spkac             
ts                verify            version           x509              

Message Digest commands (see the `dgst' command for more details)
gost-mac          md4               md5               md_gost94   

<div class="alert alert-block alert-info">
<span style="color:black">
    You can have more than one command in a cell. As an example, run the next cell.


In [5]:
!uname -a
!date
!df -h /


Darwin 4zdus.attlocal.net 21.4.0 Darwin Kernel Version 21.4.0: Mon Feb 21 20:35:58 PST 2022; root:xnu-8020.101.4~2/RELEASE_ARM64_T6000 arm64
Wed Mar  8 16:06:26 PST 2023
Filesystem       Size   Used  Avail Capacity iused      ifree %iused  Mounted on
/dev/disk3s1s1  926Gi   22Gi  818Gi     3%  500632 4293967565    0%   /


<div class="alert alert-block alert-info">
<span style="color:black">
    Now using the message, "Once upon a time in San Diego..." as input, open a cell and generate digests using the md5, sha256, sha512, sha3-512, and blake2s256 hashing algorithms. <br>Remember, you can issue multiple commands in once cell

In [82]:
msg="Once upon a time in San Diego..."

! echo -n $msg | openssl dgst -md5
! echo -n $msg | openssl dgst -sha1
! echo -n $msg | openssl dgst -sha256
! echo -n $msg | openssl dgst -sha512
! echo -n $msg | openssl dgst -sha3-512
! echo -n $msg | openssl dgst -blake2s256


MD5(stdin)= 8260fffb870b74898b2935c8772d283e
SHA1(stdin)= 680cb3cbb9b79155288c0d482f9cd9ff7f322bc8
SHA2-256(stdin)= 56946f2d29c49880cefb8a770322c465844dfff9a9d8b4d3384711ff0bbc53b6
SHA2-512(stdin)= 9b065faac14de45507ecd3e221f2f999793e5d15cb43821a526c5898355518bf4838971f1030884b92187514c2921da23cfb85e4c2c6de76e68f53836d1280bf
SHA3-512(stdin)= ffd7e1d3022be98fce899a429e3bc11bd378ea04f5631d9dd5657856ff640786252bffd3a1fd43bbf966ef28f349fbc24f7f8d06d9942bdd2264178d5da00219
BLAKE2S-256(stdin)= 14415fa233bee43f7c7e86830d02c2a04ba15fcae215a6811a6103173781c6db


<div class="alert alert-block alert-info">
<span style="color:black">
Note what similarities and differences you see.

<div class="alert alert-block alert-info">
<span style="color:black">
Now run the same set of commands, but use /etc/passwd as the input. Do this in the cell below. We've already started it for you.

In [None]:
!openssl dgst -md5 /etc/passwd
<< add lines to generate the digests for the other 4 algorithms >>

<div class="alert alert-block alert-info">
<span style="color:black">
    Consider the two inputs, and the different hashing functions, now what differences and similarities do you see? <br>
-- Feel free to open cells and run these in a different order or whatever you feel will help you.

<div class="alert alert-block alert-info">
<span style="color:black">
You can also save the output of these commands as variables in Python. Run the cell below as an example

In [2]:
d1 =  !echo -n $msg | openssl dgst -md5 -r
d2 =  !cat /etc/passwd | openssl dgst -md5 -r
print(d1)
print(d2)

['d41d8cd98f00b204e9800998ecf8427e *stdin']
['2dcc48713d82a4e6215fa84a946bb3fc *stdin']


<div class="alert alert-block alert-info">
<span style="color:black">
    <H3>Unpredictability</H3>
Run the next cell to generate the SHA-256 hash values for the bit values 0000, 0001, and 0010. 


<div class="alert alert-block alert-info">
<span style="color:black">
Changing one bit resulting in a widespread change in bit values is known as the "avalache effect" and is one of the properties of secure hash functions.
<br>Although each input is only 1 bit different from the others, there is no noticible pattern between the outputs.
<br>Given these digests, other than the length, you couldn't say anything about what \003 would be, that is, the output is unpredictable.
<br>A secure hash function should generate output that appears indistinguishable from random.

In [1]:
!echo -ne \000 | openssl dgst -sha-256 -r
!echo -ne \001 | openssl dgst -sha-256 -r
!echo -ne \002 | openssl dgst -sha-256 -r

unknown option '-sha-256'
options are
-c              to output the digest with separating colons
-r              to output the digest in coreutils format
-d              to output debug info
-hex            output as hex dump
-binary         output in binary form
-sign   file    sign digest using private key in file
-verify file    verify a signature using public key in file
-prverify file  verify a signature using private key in file
-keyform arg    key file format (PEM)
-out filename   output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v    signature parameter
-hmac key       create hashed MAC with key
-mac algorithm  create MAC (not neccessarily HMAC)
-macopt nm:v    MAC algorithm parameters or key
-gost-mac       to use the gost-mac message digest algorithm
-streebog512    to use the streebog512 message digest algorithm
-streebog256    to use the streebog256 message digest algorithm
-md_gost94      to use the md_gost94 message digest algorithm
-md

<div class="alert alert-block alert-info">
<span style="color:black">
What did you notice?

<div class="alert alert-block alert-info">
<span style="color:black">
    <h3> Determinism </h3>
Now that you've seen that different inputs generate different outputs, use the following cell to run openssl and hash the same value 3 times.

<div class="alert alert-block alert-info">
<span style="color:black">
What did you notice?

<div class="alert alert-block alert-info">
<span style="color:black">
Next try hashing inputs of different lengths.

<div class="alert alert-block alert-info">
<span style="color:black">
What did you notice?

<div class="alert alert-block alert-info">
<span style="color:black">
<h3>Preimage Resistance </h3>
Preimage resistance describes the security guarantee that for a given digest, an attacker could never find a preimage that would generate that digest.
This is another way of saying the function is "one-way". This not only means that you could not reverse the function, but it is computatinally infeasable to be able by brute force to find a matching preimage, and that if you did, you would not be able to know if that preimage matched the original preimage.

Finding a full collision, where two preimages generate the same digest, is not feasible, but trying to get partial matches can give you a feel for the challenge.<br>
<br>Try changing the input to the hash function to other values or strings. Can you find one that matches the last 4 characters of any of the 3 above? What about only 2?<br>
(Open a cell or cells below to try)

In [None]:
!echo -ne "a" | openssl dgst -sha-256 -r


Trying this by hand only works if you are truly lucky. A better way to do this would be to execute a loop, and try many.<br>
<br>Change the target to a 4 character hex value (hex means only characters 0-9 and a-f) and run the cell. Run it a few times with different targets.

In [115]:
target = "<<some_4_digit_hex_value>>" 
print("target:",target.lower())
i = 0
num_trials=10000
for pre_image in range(num_trials): 
    d = !echo -n $pre_image | openssl dgst -sha256
    t = str(d)[-6:-2] #- change first index for different number of bytes
    #print("t:",t)
    if t == target.lower():
        print("[found on try ",pre_image,"] dgst:",d)
        break;
if t!=target:
    print("Not Found after",pre_image+1,"trials")

target: <<some_4_digit_hex_value>>
Not Found after 10000 trials


While we can make system calls through the shell, it's much faster to directly use library calls instead. In this case, we'll use the Python "hashlib" library.
Take a look at the function below. It uses a base string to create a target digest, a limit on how many values to try, and how many of the last characters to match.

In [142]:
import hashlib
import string
import random

def find_match(limit,match_size,str_base):

    # initializing size of string
    N = 128
    d_base = hashlib.sha256(str_base.encode()).hexdigest()
    print("The base string is:", str_base)
    print("The base hash is:  ", d_base)
    print("Trying to match the last:",match_size)

    # using random.choices()
    # generating random strings
    for i in range(0,limit):
        str_check = str(i)
        #str_check = ''.join(random.choices(string.ascii_uppercase + string.digits, k=N))
        d_check = hashlib.sha256(str_check.encode()).hexdigest()

        if d_base[-match_size:] == d_check[-match_size:]:
            print("\nThe generated random hash   :" + str(d_check))
            print("The generated random string :" + str(str_check))
            break

        if i % 4000000 == 0: print()
        if i % 50000 == 0: print(".", end = '')

    # print result
    print()
    if i==limit-1:
        print("FAILED after",i,"trials")
    else:
        print("test stopped after",i,"trials")


Use the code in the cell below as a model to see how long it takes to find a string hashed to the same last 4 digits as the string you picked as the base.

In [143]:
limit=10000000
match_size=4
str_base="help me!"
find_match(limit,match_size,str_base)

The base string is: help me!
The base hash is:   59bc1eca8a7f9225087065374c77681dfbe06e19ff8f6732dcc0a777a013e98b
Trying to match the last: 4

......
The generated random hash   :b10ddc3914b6b5211bc93c49a59f0992198d05289d4bf8ed342fef3141a0e98b
The generated random string :279160

test stopped after 279160 trials


What about 6? What about 8?

Consider the number of trials needed to matching just these few bits of the digest (each hex digit in the digest = 4 bits, so matching 6 characters is matching 24 bits),
<br>What do you think about the feasibility of finding a full match?

## Avalanch Effect
The following code generates pairs of random values, calculates the hash of each, then determines how many bit positions are different between the two, and calcuates the average.<br>
Run it to see what sha256 gives.

In [122]:
import hashlib
  
#- calculate the number of bits differing between two different values
def bit_differences( A,  B):
  
    count = 0
 
    for i in range(0,512):
 
        # right shift both the numbers by 'i' and
        # check if the bit at the 0th position is different
        if ((( A >>  i) & 1) != (( B >>  i) & 1)):
             count=count+1
          
    return count  
 
#- generate hash of two input strings
def run_trial(A,B):    
    
    #- change the hash function here
    #- << change digest method here >>
    result_a = hashlib.sha256(A).hexdigest()
    result_b = hashlib.sha256(B).hexdigest()
    
    r_a = int(result_a,16)
    r_b = int(result_b,16)

    #print("a:",A,"d_a:",result_a, r_a)
    #print("b:",B,"d_b:",result_b, r_b)

    return bit_differences( r_a,  r_b)




In [140]:
#- calculate the average number of bit differences between two random pre-images
import random
sum=0
for i in range(1000):
    r1 = random.randint(0,99999999)
    r2 = random.randint(0,99999999)
    r1a = r1 ##<< flip a bit >>##
    count = run_trial(str(r1).encode(),str(r2).encode())
    sum += count

print("avg bit diff:",sum/i)

avg bit diff: 128.17017017017017


Now, copy the code from the cell above to the cell below, and modify it to determine the average bit distance between 2 inputs which differ by one bit. (hint: XOR of a single one will flip a single bit)

In [None]:
copy code here:

Comment on what you observed:

## Proof-of-Work

One use of cryptography in blockchain is "proof-of-work". To accomplish the "miners" must find a preimage that results in a digest that is smaller than some set value. Over time this value is reduced making mining more difficult.

Below is some Python code that generates digest from an input, *test_input*, and then checks to see if it is smaller than the target, *target_digest*.


In [94]:
import hashlib
import binascii

def proof_of_work(test_input):
    target_digest = b'000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
    digest = binascii.hexlify(bytearray(hashlib.sha256(test_input).digest()))

    print("input: ",test_input)
    print("digest:", digest)
    print("target:", target_digest)

    return digest < target_digest


See if you can find an input that creates a digest smaller than the target.

In [95]:
test_input = b'00000000'
proof_of_work(test_input)

input:  b'00000000'
digest: b'7e071fd9b023ed8f18458a73613a0834f6220bd5cc50357ba3493c6040a9ea8c'
target: b'000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'


False

## A simple XOR "hash" function in Python


The partial function below iterates over the bytes in the input string (as a list of bytes) and returns the result.

#### 1) Modify the function below as needed so that it XORs each byte in the string with the next and returnd the result

In [None]:
def xor_hash(input_bytes):
    h0 = ##<< set initial value here >>##
    
    value=h0
    for byte in input_bytes:
        value = value ##<< complete to XOR value with the current byte >>##
        
    return hex(value)        
    

#### 2)	Consider your xor hash function:
2a.	In your function, what did you initialized <i>h0</i> to? Why?

2b.	How many inputs could your function accept?


2c.	How many unique digest values could this function generate? 

2d.Using the quote, “Anyone who tries to create his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio of our species, the odds aren't very good. --Bruce Schneier", as the preimage for your function,
  what is the output value returned?

In [50]:
message = b"Anyone who tries to create his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio of our species, the odds aren\'t very good. --Bruce Schneier"
xor_hash(message)

'0x6e'

#### 3)	Attempt to find a pre-image such that your function would output 0xCC as the digest. You may do this by executing your function or paper and pencil


3a.	What was the pre-image you found?

3b.	Explain the method you used to find it?

#### 4)	Attempt to find a collision – any two different pre-images that generate the same hash value. You may do this using your function or paper and pencil
4a.	What are the two inputs?

4b.	What was the hash value?

#### 5)	Consider your xor function.
5a.	Is your function a hash function?

5b.	Why or why not?

#### 6)	Consider the requirement that CHFs must be one-way, meaning you could not easily determine the original pre-image from its matching digest.
6a.	In your function one way?

#### 7) Consider the requirements of a “cryptographic” hash function (CHF)?

7a.	In what ways does your hash function meet them, if any?

7b.	In what ways does your hash function NOT meet them, if any?

#### 8)	One property of CHFs is exhibiting good diffusion or an avalanche effect?
8a.	Explain what you did you evaluate this?


8b.	Is this a good hash function for security purposes? Explain.