CH25 Hashing

Question 1

What is Hashing ?

Answer 1

a one-way cryptographic function which takes an input and produces a unique message digest

For the exam :
1. Hashing is used to ensure integrity. Any time you see a question that mentions integrity on the exam, you should instantly be thinking that the answer has something to do with hashing.
2. Two most common hashes in the world are MD5 and the SHA families of hashes, but MD5 is less secure than SHA

Question 2

What is MD5 ?

Answer 2

MD5 = Message Digest 5

algorithm that creates a fixed-length 128-bit hash value unique to the input file.

Question 3

What is Collision?

Answer 3

condition that occurs when two different files create the same hash digest

Question 4

What is Secure hash Algorithm (SHA-1) ?

Answer 4

algorithm that creates a fixed-length 160-bit hash value unique to the input file.

Question 5

What is Secure Hash Algorithm (SHA-2)?

Answer 5

Family of algorithms that includes SHA-224, SHA-256, SHA-348, and SHA-512

Question 6

What is Secure Hash Algorithm (SHA-3)?

Answer 6

Family of algorithms that creates hash digests between 224-bits and 512-bits

Question 7

What is RIPEMD ?

Answer 7

RACE integrity Primitive Evaluation Message Digest – an open-source hash algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each input file.

Question 8

What is Digital signatures?

Answer 8

prevent collisions from being used to spoof the integrity of a message.

Digital signatures use either DSA, RSA, ECDSA, or SHA

Question 9

What is Code Signing ?

Answer 9

uses digital signatures to provide an assurance that the software code has not been modified after it was submitted by the developer

Question 10

What is LANMAN (LM Hash) ?

Answer 10

Original version of password hashing used by Windows that uses DES and is limited to 14 characters.

You should disable LM Hash on your modern Windows OS. (It is disabled by default)

Question 11

What is NT LAN Manager Has (NTLM Hash) ?

Answer 11

Replacement for LM Hash that sues RC4 and was released with Windows NT 3.1 in 1993. It is disabled by default

Question 12

What is NTLMv2 Hash?

Answer 12

Replacement to NTLM Hash that uses HMAC-MD5 and is considered difficult to crack. It is used when you do not have a domain with Kerberos for authentication?

Question 13

What is Pass the Hash Attack ?

Answer 13

A technique that allows an attacker to authenticate to a remote server by using underlying NTLM or LM hash instead of requiring the associated plaintext password.

Pass the Hash is difficult to defend against.

Question 14

What is Mimikatz ?

Answer 14

a penetration testing tool used to automate the harvesting of hashes and conducting the Pass the Hash attack.

Question 15

What things can you do to prevent Pass the Hash attack?

Answer 15

a. ensure that only trusted operating systems are allowed to connect to your servers
b. Window’s domains have their trusts set up properly
c. workstations are all patched and updated
d. multifactor authentication is being used properly
e. accounts have been set up to use the concept of least privilege.

Question 16

What is Birthday Attack?

Answer 16

Technique used by an attacker to find two different messages that have the same identical hash digest.

Question 17

What is Key Stretching in regards to increasing Hash security?

Answer 17

the weaker key is run through an algorithm to create a longer, more secure key than is normally used

Question 18

What is Salting in regards to increasing Hash security?

Answer 18

adding random data into a one-way cryptographic hash to help protect against password cracking techniques.

A “nonce” is used to prevent password reuse