General Security Concepts: Examining Hashing and Obfuscation Flashcards

1
Q

What is hashing, and how does it apply to security?

A

Hashing is a cryptographic operation that transforms data into a fixed-length string of characters known as a hash or hash value. The length of a hash, or output, doesn’t change for any given input, and it supports integrity and authenticity verification.

2
Q

What are the varieties of hashing algorithms?

A

Message Digest 5 (MD5)
Secure Hash Algorithm 1 (SHA-1)
SHA-256
SHA-3
bcrypt
Argon2
RACE Integrity Primitives Evaluation Message Digest 160 (RIPEMD-160)
Whirlpool
BLAKE2
SipHash

Note: You should carefully consider the specific requirements of your application and security needs, and the current state of cryptographic knowledge, before choosing a hashing algorithm. Additionally, always use well-established and recommended algorithms for security-critical applications.

3
Q

What does MD5 do?

A

Message Digest 5 (MD5): 128 bits long, it provides fast computation and is widely supported. However, it’s vulnerable to collision attacks and isn’t suitable for security-sensitive applications.

4
Q

What does Secure Hash Algorithm 1 (SHA-1) do?

A

Secure Hash Algorithm 1 (SHA-1): 160 bits long, it’s faster than SHA-256 and widely supported. However, it’s also vulnerable to collision attacks and has been deprecated for security-critical use.

5
Q

What does SHA-256 do?

A

SHA-256: 256 bits long, it provides strong security and resistance to collision attacks. It’s slower than MD5 and SHA-1 but is generally secure for most applications.

6
Q

What does SHA-3 do?

A

SHA-3: It has a configurable length, such as SHA3-256 and SHA3-512, provides high security and resistance to various attacks, and is based on different principles than SHA-2. However, it’s relatively new and hasn’t been widely adopted yet.

7
Q

What does bcrypt do?

A

bcrypt: Based on the Blowfish cipher, bcrypt has a variable length. It’s slow and computationally expensive, which makes it suitable for password storage. However, because it’s slower, performance issues can result.

8
Q

What does Argon2 do?

A

Argon2: Has a variable length and is highly resistant to brute-force and GPU-based attacks. It’s designed for password hashing. However, as a newer algorithm, it may have limited support in some environments.

9
Q

What does RIPEMD-160 do?

A

RACE Integrity Primitives Evaluation Message Digest 160 (RIPEMD-160): 160 bits in length, it’s faster than some other algorithms but is vulnerable to collision attacks. It’s not recommended for high-security applications.

10
Q

What does Whirlpool do?

A

Whirlpool: 512 bits in length, it provides strong security and is resistant to known attacks. However, it can be slower than some other algorithms.

11
Q

What does BLAKE2 do?

A

BLAKE2: Has a variable length, with variants such as BLAKE2s and BLAKE2b, and provides high performance and security. It’s suitable for various applications but has been less widely adopted than older algorithms.

12
Q

What does SipHash do?

A

SipHash: Has a variable length, such as SipHash-2-4 and SipHash-4-8, and is designed for hashing data structures and protecting against hash-based attacks. However, it’s not a general-purpose hash, and is suitable for specific

13
Q

What is obfuscation?

A

Obfuscation is the practice of deliberately making data and code, including malware, more difficult to understand or analyze. You can use it to protect sensitive information, create covert communication channels, and deliver malware.

14
Q

What is steganography?

A

Steganography is a method of hiding secret information within nonsecret data, such as images, audio files, or text. You can use it to conceal a secret message or covert communication channel.

15
Q

What is tokenization?

A

Tokenization is a method of converting sensitive data, such as credit-card numbers or personal information, into nonsensitive tokens. You can use it to securely store sensitive data and then transmit nonsensitive tokens to reduce the risk of data breaches.

16
Q

What is data masking?

A

Data masking is a protection technique that replaces sensitive information, such as organizational data, in a dataset with fictional or scrambled data. It preserves the format of the sensitive information while reducing the risk of exposure or unauthorized access.

17
Q

What are some examples of steganography?

A

Image Steganography:

Least Significant Bit (LSB) Method: The most common technique, in which the least significant bits of the pixels in an image are replaced with the bits of the secret message. The changes are usually imperceptible to the human eye.
Example: Hiding a text message within an image file.

Audio Steganography:

Embedding a secret message within an audio file by manipulating the digital representation of the audio signal. This can be done by altering the least significant bits of the audio samples.
Example: Embedding a hidden message within an MP3 file.

Text Steganography:

Concealing messages within text files by using subtle changes, such as adjusting the spacing between words or lines, or using fonts and invisible ink techniques.
Example: Adding extra spaces or tabs in a text document to encode a hidden message.

Video Steganography:

Hiding data within video files, either by manipulating the individual frames of the video or by embedding data within the audio track of the video.
Example: Embedding a hidden message in a video file by altering the pixel values of certain frames.

Network Steganography:

Embedding information within network protocols and traffic patterns. This can be done by manipulating packet headers, timing of packets, or using covert channels.
Example: Hiding data within the headers of TCP/IP packets.

18
Q

What are some examples of tokenization?

A

Example of Tokenization:

Credit Card Processing:
Imagine a company needs to store customer credit card information securely. Instead of storing the actual credit card number, the company can use tokenization to store a token.

Original Data:

Credit Card Number: 4111 1111 1111 1111

Tokenization Process:
The credit card number is sent to a secure tokenization server.
The server generates a token that is mapped to the credit card number.
Token: TKN-1234567890

Stored Data:
Instead of storing the credit card number, the company stores the token.
Token: TKN-1234567890

Detokenization:
When the original credit card number is needed (e.g., for processing a transaction), the token is sent to the tokenization server.
The server retrieves the original credit card number using the token and sends it back securely.
Example in Context:
Step-by-Step Tokenization Process in a Payment System:

Customer Purchase:
A customer enters their credit card information on an e-commerce website.

Tokenization Request:
The website sends the credit card information to the tokenization server.

Token Generation:
The tokenization server generates a unique token for the credit card number, such as TKN-1234567890.

Token Storage:
The e-commerce website stores the token (TKN-1234567890) instead of the actual credit card number in its database.

Payment Processing:
When a payment needs to be processed, the website sends the token to the tokenization server.

Detokenization:
The tokenization server retrieves the original credit card number (4111 1111 1111 1111) using the token.

Transaction Completion:
The original credit card number is used to complete the transaction securely.

19
Q

What are the methods of Data Masking?

A

Scrambled information - Such as UserID to Random ID
Substitution - Street name 01 to Street Name 02
Partial masking - Credit info XXX XXX XXX 306
Randomized - Birthdate to Alternative Date