This lecture explores the role played by hash functions in helping us to guarantee message integrity and authenticity. It covers a range of standard hash functions, past and present, and considers the reasons why some of the older functions are now considered insecure. The lecture also looks at how hash functions are used in combination with a shared secret to compute message authentication codes (MACs).

• Lecture video
• Slides (PDF)
• Code examples
• Exercises:
  • Introduction to Hash functions
  • Hash Functions in Python & Java
  • Computing HMACs in Python
  • Computing HMACs in Java
• Other resources:
  • Paper from 2008 on creating a rogue certificate via MD5 collisions
  • Advisory and example code for the MD5 length extension attack on the Flickr API
  • Blog from 2015 on exploiting MD5 collisions to hide malware
  • Shattered.io: details of the first realistic SHA-1 collision for actual documents
  • Leurent & Peyrin’s work on chosen prefix SHA-1 collisions:
    • EUROCRYPT 2019 paper
    • GitHub repository
  • SHA-256 algorithm visualizer