Przemysław Rodwald

• PhD
• Polish Naval Academy

Family of parameterized hash algorithms - PHAL is a proposal of a new dedicated hash algorithm designed as an answer to weaknesses of MD/SHA hash function family. Recently proposed attacks on wellknown and widely used hash functions motivate a design of new hash functions. In this paper new approach is presented, where few elements of hash function...

PHAL-256 (Parameterized Hash ALgorithm) is a proposal of a new dedicated hash algorithm designed as an answer to weaknesses of MD/SHA family. Recently proposed attacks on well-known and widely used hash functions motivate a design of new hash functions. In this paper new approach is presented, where a few elements of hash function are parameterized...

PHAL (Parameterized Hash ALgorithm) is a proposal of a new dedicated hash algorithm designed in answer to weaknesses of MD/SHA family. Recently proposed attacks on well-known and widely used hash functions motivate a design of new hash functions. Some number of its components used by hash functions can be parameterized. By changing parameters the a...

Petra is a family of cryptographic hash functions proposed in 2002 by Mohannad Najjar in his PhD dissertation. In this paper I give a practical attack for finding pseudocollision in every round of Petra algorithm. In addition, I show that rounds of Petra are not one-way.

S-box (substitution box) is a basic element of many block ciphers and few interesting hash functions (Tiger, Whirlpool). This paper presents design criteria based on information theory, properties of good, cryptographically strong S-boxes and two methods of generation. First base on set of bent functions and second base on inversion mapping.

The pseudo-anonymous nature of Bitcoin makes it possible to assign addresses to clusters, and in some cases to identify an entity to which the cluster belongs. Searching for these connections manually is a tedious and time-consuming activity. The increasing number of commercial tools supporting de-anonymization, due to the high cost, does not alway...

There is a demand for cryptoassets analysis tools among law enforcement. Most solutions are focused on tracking and tracing money flows. The popularity of energy-hungry blockchains, where illegal mining activities are growing rapidly, shows a need to estimate past energy consumption. This paper presents an online system that helps with this estimat...

The main purpose of Bitcoin address is a representation of a possible source or destination for a payment. However, some users use it not for the transfer of cryptocurrencies, but to record some arbitrary data, ranging from short messages to website links. We provide the first systematic analysis, both quantitative and qualitative, of data hidden i...

Internet was not designed for anonymity, but most users posting comments with unidentifiable pseudonyms hope to stay anonymous. On many websites, especially those powered by WordPress, the comments system is linked with the Gravatar service. That service uses email address, in obfuscated form (MD5 hash function), to provide users’ avatars. This app...

Due to the current challenges in computer forensics and password cracking, a single GPU is no longer sufficient. Thus, distributed password cracking platforms with dozens of GPUs become a necessity in the race against criminals. In this paper, we show a multi-GPU cracking platform build on Hashcat-based open-source distributed tool Hashtopolis for...

Stack Overflow is a globally recognizable service features questions and answers on a wide range of topics in computer programming. Even though stackoverflow is not an anonymous service, users posting comments hope to not reveal personal email. Email, which according to EU laws is consider as a personal information. Unfortunately, emails are possib...

Passwords are still the most widespread method of authentication. It is well known and very common for users to create weak passwords. We decided to check the strength of passwords of real systems by cracking MD5 hashes. The results have dismayed us given that 94,94% of passwords were cracked within just a few days. In order to understand the resul...

Although the Internet has not been created for anonymity, many users posting comments on blogs hope that they will remain anonymous. The article presents an attack on revealing the e-mail addresses of users posting comments on the sample website using Gravatar. This attack aims to make readers aware of the fact that by posting comments on sites usi...

It is very common for users to create weak passwords. Currently, the majority of websites deploy password strength meters to provide timely feedback. These meters are in wide use and their effects on the security of passwords have been relatively well studied. In this paper another type of feedback is studied: a gamified approach supported by fear...

The aim of this article is to show how one can deanonymize users of cryptocurrencies. To this end the most popular of the cryptocurrencies, i.e. bitcoin is used as an example. At the beginning, the basic concepts about cryptocurrencies are presented. Afterwards, our approach to systematize the types of transactions existing in the blockchain is pro...

The aim of the article is to present the password breaking methodology in case when an attacker (forensic investigator, court expert, pen tester) has imposed time restrictions. This is a typical situation during many legal investigations where computers are seized by legal authorities but they are protected by passwords. At the beginning, the curre...

The aim of the article is to systematise the methods of securing static passwords stored in IT systems. Pros and cons of those methods are presented and conclusions as a recommendation for IT system designers are proposed. At the beginning, the concept of cryptographic hash function is presented, following discussion of methods of storing passwords...

This article deals with pro-cedures for using artillery meteorologi-cal messages in NATO. It presents the ways of acquiring meteorological data, methods for coding such data, and the structure of an artillery meteorological message. Additionally, it includes a draft of software for decoding an artillery meteorological message in digital form into t...