Change search
ReferencesLink to record
Permanent link

Direct link
Crypto analysis and its applications to password hashing
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
2013 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Hash functions are a type of mathematical function that takes an input of arbitrary length and gives an output of fixed length, called a hash value. Many consider hash values to be sort of a “fingerprint” of some data, since they can be assumed to have unique outputs for any possible input. This assumption does not make a lot of sense, because the size of the input space is infinite while the size of the output space remains finite! It is, nevertheless, defensible because of the infeasibility of finding two inputs that yield the same hash value. Hash functions are often used to store passwords in databases since it is not feasible either to go from a hash value to a preimage. By saving the hash value rather than the password and checking the hash value of the user’s input it is possible to check passwords without the need to store them, which is an advantage if one wants to control the damage of a possible data leakage. This work researches different cryptanalytic techniques for searching for preimages to hash values in a password-cracking context. A 27% increase in performance is gained using a time/memory tradeoff instead of naively iterating through password candidates. The attack is also demonstrated in practice, where it attains a 50% improvement. The data is then analyzed and discussed for the purpose of assessing the implementability of the attacks in already existing cracking implementations.


Place, publisher, year, edition, pages
2013. , 81 p.
TRITA-ICT-EX, 2013:200
National Category
Information Systems
URN: urn:nbn:se:kth:diva-142651OAI: diva2:703992
Subject / course
Communications Systems
Educational program
Master of Science -Security and Mobile Computing
Available from: 2014-03-10 Created: 2014-03-10 Last updated: 2014-03-10Bibliographically approved

Open Access in DiVA

fulltext(538 kB)374 downloads
File information
File name FULLTEXT01.pdfFile size 538 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Communication Systems, CoS
Information Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 374 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 146 hits
ReferencesLink to record
Permanent link

Direct link