PROJECT: HASH ATTACK

You may start working on this project as you progress through the content of this module. Note that you may also address any uncertainties pertaining

to this project during the live sessions.

In this project, you will gain a concrete understanding of the Secure Hash Algorithm $1($SHA$-1)$ and experience implementing a system from a

specification. You will understand the distinction between collision attacks and preimage attacks and test whether theoretical costs are observed in

practice. You will then get to demonstrate the ability to design and conduct an experiment and convey technical results clearly.

A collision attack in hashing is when an attacker finds two separate source messages that both hash to the same value. The average time needed for this

attack to succeed is roughly $2^{(\frac{n}{2})-1},$ where $n$ is the number of bits in the digest.

In the second part of this project, you will gather experimental data regarding how difficult it is to perform a collision and preimage attack on a hash. To

complete this project, you will need to do the following:

Create a wrapper for a SHA$-1$ implementation of your choice. This wrapper will take as input the string to hash as well as the number of bits $($n$)$ that

the hash should be$.$ The output will be the SHA$-1$ hash of the given string truncated to the provided number of bits.

Using this wrapper, conduct a series of collision and preimage attacks at different bit sizes.

a$.$ You should test at least $8$ different bit sizes between the range $8$ to $32.$ Choose reasonable values for bit sizes. You should have at most $4$ trials at

bit sizes between $8-15.$ I recommend you use the following bit sizes: $8,10,12,14,16,18,20,22.$

b$.$ Don't attempt attacks against bit sizes that take you hours to complete. Be reasonable.

c$.$ Keep track of the number of attempts it took for the attack to be successful. Do not track wall$-$clock time.

d$.$ You should gather at least $50$ samples at each bit size. Remember, a sample is the number of iterations needed to successfully find a collision.

Write a $2-$ to $4-$page report, describing how your experimental results compare to the theoretical difficulty of attacking a hash of a given size.

a$.$ Your report should be clear and concise.

b$.$ Your report should include two graphs summarizing your results, one for the preimage attack and one for the collision attack.

i$.$ Your graph should include a line showing the expected number of iterations to conduct the attack for each of your tested bit sizes.

ii$.$ Your graph should also summarize the average number of iterations needed to produce a collision for each tested bit size.

iii. The graph should also include details about the variance in your results. This could be done by plotting all samples, using a violin plot, or

using a box and whisker plot.

Recommendation: Use a logarithmic axis for iterations.