Section 25 - Hashing

Question 1

What is hashing?

Answer 1

Hashing is a one-way cryptographic function which takes an input and produces a unique message digest as its output.

*** because this is a one way function, there’s no way to determine the original message based on the hash it’s outputted. The resulting message digest acts like a digital fingerprint for the original file.

Question 2

A unique thing about a hash digest is that they are always the same…?

Answer 2

Length

Regardless of how long your input is

Question 3

What is the most commonly hash algorithm?

Answer 3

MD5

Question 4

How does MD5 work?

Answer 4

It creates a 128-bit hash value that is unique to the input file.

Question 5

What is a hash collision?

Answer 5

Because the hash value outputted is only 128 bits long, it can create only a limited number of unique values. This can lead to two files having the same exact resulting hash digest.

*** Due to this problem, a newer algorithm SHA was created.

Question 6

What does SHA stand for?

Answer 6

Secure Hash Algorithm

Question 7

How does SHA differ from MD5?

Answer 7

It has a higher bit digest which significantly reduces the number of hash collisions.

Question 8

How many versions of SHA are there?

Answer 8

3

SHA-1 = 160-bit digest

SHA-2 = has a digest between 224-512 (this has a family of hash functions SHA-224, SHA-256, SHA-348, SHA-512)

SHA-3 - uses 120 rounds of computations

Question 9

What is RIPEMD?

Answer 9

A hashing function known as RACE Integrity Primitive Evaluation Message Digest

This comes in 160, 256 and 320-bit versions.

Question 10

What is HMAC?

Answer 10

A hashing function known as Hash-based message Authentication Code

This actually uses the other hashing algorithms to do the work. So it’s often called something like, HMAC-MD5, HMAC-SHA1, etc.

Question 11

To prevent collisions from being used to spoof the integrity of a file or message, many professionals have turned to…?

Answer 11

Digital Signatures

Question 12

What is a digital signature?

Answer 12

A digital signature is created by hashing a file and then taking that resulting hash digest and encrypting it with a private key.

** So, if you were to send an email with a digital signature, you run that email message through a hashing algorithm of your choice and with the resulting hash you would encrypt it with your private key. When the email is received, that person will decrypt the digital signature using their public key which is give them the hash. The hash is then run through the hash algorithm which will compare their message digest with my digital signature. If they match, then you know the email was not modified.

Question 13

For digital signatures to be utilized, you should use what…?

Answer 13

DSA (Digital Security Algorithm)

RSA (Rivest-Shamir-Adelman)

ECC version of DSA/SHA

DSS (Digital Security Standard) (the government uses this)

Question 14

Most commercial entities rely upon the RSA standard because…?

Answer 14

It’s faster and can be used for digital signatures, encryption and key distribution

Question 15

Digital signatures have expanded beyond email. ___ ___ of our files relies upon the digital signature for a program or a file.

Answer 15

Code signing

*** For example, if you create a mobile app that you wanted to put in an app store you would have to digitally sign it thus “code signing.”

Question 16

In a Windows machine, passwords aren’t stored in cleartext or in an encrypted format. They’re actually stored as…?

Answer 16

Hashes

Question 17

What is LANMAN?

Answer 17

AKA LAN Manager hash or LM Hash

The original version of password hashing used by Windows

Based on the DES algorithm and was limited to 14 characters

*** Created in the 1980’s and is weak because it uses DES and was easy to crack due to its limited possible combinations. It should never be used and disabled if seen on a computer.

Question 18

What is NTLM hash?

Answer 18

A replacement to LANMAN

Also known as NT LAN Manager hash

Used RC4 instead of DES

It is usually disabled by default

Question 19

What was created to replace NTLM?

Answer 19

NTLMv2 (version two)

This relies on the HMAC-MD5 hash

Question 20

What are two important things to remember about hashing for the exam?

Answer 20

1. Hashing is used to ensure integrity. Any question regarding integrity probably has something to do with hashing.
2. Remember the two most common hashes in the world are: MD5 and SHA family of hashes
3. MD5 is less secure than SHA

Question 21

What is “Pass the Hash”?

Answer 21

A hacking technique that allows the attackers to authenticate to a remote server or service by using the underlying hash of a user’s password instead of requiring the associated plaintext password as your normally would have to do

*** If an attacker is able to steal your hash, they can simply reuse it. They are functionally equivalent to the original password.

Question 22

What is a “Birthday Attack”

Answer 22

This occurs when an attacker is able to send two different messages through a hash algorithm and it results in the same identical hash digest causing a collision

Question 23

What is key stretching?

Answer 23

A technique that’s used to mitigate a weaker key by increasing its effectiveness and thereby increasing the time needed to crack it

*** The weaker key is run through an algorithm to create a longer, more secure key than is normally used.

Question 24

What are some ways to increase the strength of our hashes?

Answer 24

Key Stretching
Salting
Nonce

Question 25

What is “Salting”?

Answer 25

A technique of adding random data into a one-way cryptographic hash to help protect against password cracking techniques like dictionary attacks, brute-force attacks and rainbow tables.

Question 26

What is “Nonce”

Answer 26

Used to help secure a weaker password, where a number used once, known as “nonce,” is added to the password-based authentication to help prevent an attacker from reusing your password

Question 27

NTLMv2 is used by Windows machines that don’t rely on ___ for authentication.

Answer 27

Kerberos