On the security of VSH in password schemes

Kimmo Halunen, Pauli Rikula, Juha Röning

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

2 Citations (Scopus)

Abstract

In this paper we improve Saarinen's method for finding preimages of Very Smooth Hash (VSH) hash values and generalise it to some of the variants of VSH proposed by Contini et al. VSH is a new hash function that has been proved to be collision resistant under similar assumptions on the factoring of large integers as the RSA cipher. Saarinen has developed a method for finding preimages of VSH hash values and in his paper he gave an example of its application to 169-bit VSH and 4-character passwords consisting of lowercase alphabets. Because there were no results on the practical effectiveness of this approach with cryptographically significant security parameters, we give some results on the time and memory required to find the preimages of 8-character alphanumeric passwords secured by 1024-bit and 2048-bit VSH on quite modest hardware. In our study we implemented both the original VSH and the cubing variant of VSH. Our results show that both Saarinen's method and our method can find preimages of password hash values very quickly and that our method is faster in many cases. Our method also uses reusable tables that can be used to find the preimages of subsequent hash values faster than with the original method.

Original languageEnglish
Title of host publication2008 Third International Conference on Availability, Reliability and Security
PublisherIEEE Institute of Electrical and Electronic Engineers
Pages828-833
Number of pages6
ISBN (Print)978-0-7695-3102-1
DOIs
Publication statusPublished - 14 Aug 2008
MoE publication typeNot Eligible
Event3rd International Conference on Availability, Security, and Reliability, ARES 2008 - Barcelona, Spain
Duration: 4 Mar 20087 Mar 2008

Conference

Conference3rd International Conference on Availability, Security, and Reliability, ARES 2008
CountrySpain
CityBarcelona
Period4/03/087/03/08

    Fingerprint

Cite this

Halunen, K., Rikula, P., & Röning, J. (2008). On the security of VSH in password schemes. In 2008 Third International Conference on Availability, Reliability and Security (pp. 828-833). IEEE Institute of Electrical and Electronic Engineers . https://doi.org/10.1109/ARES.2008.34