On the security of VSH in password schemes

Kimmo Halunen, Pauli Rikula, Juha Röning

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

2 Citations (Scopus)

Abstract

In this paper we improve Saarinen's method for finding preimages of Very Smooth Hash (VSH) hash values and generalise it to some of the variants of VSH proposed by Contini et al. VSH is a new hash function that has been proved to be collision resistant under similar assumptions on the factoring of large integers as the RSA cipher. Saarinen has developed a method for finding preimages of VSH hash values and in his paper he gave an example of its application to 169-bit VSH and 4-character passwords consisting of lowercase alphabets. Because there were no results on the practical effectiveness of this approach with cryptographically significant security parameters, we give some results on the time and memory required to find the preimages of 8-character alphanumeric passwords secured by 1024-bit and 2048-bit VSH on quite modest hardware. In our study we implemented both the original VSH and the cubing variant of VSH. Our results show that both Saarinen's method and our method can find preimages of password hash values very quickly and that our method is faster in many cases. Our method also uses reusable tables that can be used to find the preimages of subsequent hash values faster than with the original method.

Original languageEnglish
Title of host publication2008 Third International Conference on Availability, Reliability and Security
PublisherInstitute of Electrical and Electronic Engineers IEEE
Pages828-833
Number of pages6
ISBN (Print)978-0-7695-3102-1
DOIs
Publication statusPublished - 14 Aug 2008
MoE publication typeNot Eligible
Event3rd International Conference on Availability, Security, and Reliability, ARES 2008 - Barcelona, Spain
Duration: 4 Mar 20087 Mar 2008

Conference

Conference3rd International Conference on Availability, Security, and Reliability, ARES 2008
CountrySpain
CityBarcelona
Period4/03/087/03/08

Fingerprint

Hash functions
Hardware
Data storage equipment

Cite this

Halunen, K., Rikula, P., & Röning, J. (2008). On the security of VSH in password schemes. In 2008 Third International Conference on Availability, Reliability and Security (pp. 828-833). Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ARES.2008.34
Halunen, Kimmo ; Rikula, Pauli ; Röning, Juha. / On the security of VSH in password schemes. 2008 Third International Conference on Availability, Reliability and Security. Institute of Electrical and Electronic Engineers IEEE, 2008. pp. 828-833
@inproceedings{4850bf6728b24973aef7b7c777ae52f3,
title = "On the security of VSH in password schemes",
abstract = "In this paper we improve Saarinen's method for finding preimages of Very Smooth Hash (VSH) hash values and generalise it to some of the variants of VSH proposed by Contini et al. VSH is a new hash function that has been proved to be collision resistant under similar assumptions on the factoring of large integers as the RSA cipher. Saarinen has developed a method for finding preimages of VSH hash values and in his paper he gave an example of its application to 169-bit VSH and 4-character passwords consisting of lowercase alphabets. Because there were no results on the practical effectiveness of this approach with cryptographically significant security parameters, we give some results on the time and memory required to find the preimages of 8-character alphanumeric passwords secured by 1024-bit and 2048-bit VSH on quite modest hardware. In our study we implemented both the original VSH and the cubing variant of VSH. Our results show that both Saarinen's method and our method can find preimages of password hash values very quickly and that our method is faster in many cases. Our method also uses reusable tables that can be used to find the preimages of subsequent hash values faster than with the original method.",
author = "Kimmo Halunen and Pauli Rikula and Juha R{\"o}ning",
year = "2008",
month = "8",
day = "14",
doi = "10.1109/ARES.2008.34",
language = "English",
isbn = "978-0-7695-3102-1",
pages = "828--833",
booktitle = "2008 Third International Conference on Availability, Reliability and Security",
publisher = "Institute of Electrical and Electronic Engineers IEEE",
address = "United States",

}

Halunen, K, Rikula, P & Röning, J 2008, On the security of VSH in password schemes. in 2008 Third International Conference on Availability, Reliability and Security. Institute of Electrical and Electronic Engineers IEEE, pp. 828-833, 3rd International Conference on Availability, Security, and Reliability, ARES 2008, Barcelona, Spain, 4/03/08. https://doi.org/10.1109/ARES.2008.34

On the security of VSH in password schemes. / Halunen, Kimmo; Rikula, Pauli; Röning, Juha.

2008 Third International Conference on Availability, Reliability and Security. Institute of Electrical and Electronic Engineers IEEE, 2008. p. 828-833.

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - On the security of VSH in password schemes

AU - Halunen, Kimmo

AU - Rikula, Pauli

AU - Röning, Juha

PY - 2008/8/14

Y1 - 2008/8/14

N2 - In this paper we improve Saarinen's method for finding preimages of Very Smooth Hash (VSH) hash values and generalise it to some of the variants of VSH proposed by Contini et al. VSH is a new hash function that has been proved to be collision resistant under similar assumptions on the factoring of large integers as the RSA cipher. Saarinen has developed a method for finding preimages of VSH hash values and in his paper he gave an example of its application to 169-bit VSH and 4-character passwords consisting of lowercase alphabets. Because there were no results on the practical effectiveness of this approach with cryptographically significant security parameters, we give some results on the time and memory required to find the preimages of 8-character alphanumeric passwords secured by 1024-bit and 2048-bit VSH on quite modest hardware. In our study we implemented both the original VSH and the cubing variant of VSH. Our results show that both Saarinen's method and our method can find preimages of password hash values very quickly and that our method is faster in many cases. Our method also uses reusable tables that can be used to find the preimages of subsequent hash values faster than with the original method.

AB - In this paper we improve Saarinen's method for finding preimages of Very Smooth Hash (VSH) hash values and generalise it to some of the variants of VSH proposed by Contini et al. VSH is a new hash function that has been proved to be collision resistant under similar assumptions on the factoring of large integers as the RSA cipher. Saarinen has developed a method for finding preimages of VSH hash values and in his paper he gave an example of its application to 169-bit VSH and 4-character passwords consisting of lowercase alphabets. Because there were no results on the practical effectiveness of this approach with cryptographically significant security parameters, we give some results on the time and memory required to find the preimages of 8-character alphanumeric passwords secured by 1024-bit and 2048-bit VSH on quite modest hardware. In our study we implemented both the original VSH and the cubing variant of VSH. Our results show that both Saarinen's method and our method can find preimages of password hash values very quickly and that our method is faster in many cases. Our method also uses reusable tables that can be used to find the preimages of subsequent hash values faster than with the original method.

UR - http://www.scopus.com/inward/record.url?scp=49049119123&partnerID=8YFLogxK

U2 - 10.1109/ARES.2008.34

DO - 10.1109/ARES.2008.34

M3 - Conference article in proceedings

SN - 978-0-7695-3102-1

SP - 828

EP - 833

BT - 2008 Third International Conference on Availability, Reliability and Security

PB - Institute of Electrical and Electronic Engineers IEEE

ER -

Halunen K, Rikula P, Röning J. On the security of VSH in password schemes. In 2008 Third International Conference on Availability, Reliability and Security. Institute of Electrical and Electronic Engineers IEEE. 2008. p. 828-833 https://doi.org/10.1109/ARES.2008.34