Pass your certification exam. Faster. Guaranteed.

Hashing Algorithms Transcription

Welcome to our Cryptography Fundamentals Module. In this module, we will discuss hashing algorithms. Hashing algorithms are not encryption, but they are used to ensure data integrity. A hash is like a fingerprint for a specific stream of data such as a file. A hash value is a unique hexadecimal identifier that is created by looking at the original stream of data.

You can later generate another hash value, and if you find that it matches the original hash value, you can verify that the file has not been modified, and this is known as a hash check. The two most common type of hashing algorithms are message digest five or MD5.

And secure hash algorithm one or SHA-1. These are commonly used to create hash values for files. SHA-2 also know as SHA-256 is a longer hash value, and is more collision resistant, and V5 is no longer considered secure because collisions have occurred. A collision is when two different sets of data, both have the same hash value, and once this occurs, you can no longer rely on the hashing algorithm.

Hashing algorithms are mathematical formulas which are able to generate a message digest, or a fixed length string of hexadecimal characters that can be used to confirm that a message or file has not been modified. Hash algorithms do not use keys, you can use any binary file, and run it through one of these hashing algorithms and get the same value.

The older MD5 or message digest five hashing algorithm creates a 128-bit hash. Collisions have occurred with MD5, so it is no longer considered secure. Secure Hash Algorithm One, or SHA-1 creates a much stronger 160-bit hash value, and this is much more collision resistant than the MD5. SHA-2, also known as SHA-256, is currently considered to be the minimum standard for a secure hashing algorithm.

We also have SHA-384 and SHA-512. As the strength of the hashing algorithm increases, so does the overhead. It would take significantly longer to generate a SHA-512 hash value than it would in MD5. We can also use hashes to verify message authentication, such as with hashed message authentication codes, or HMAC.

This technology encrypts the hash with a shared secret key, and is used for integrity checking. When you enter your password into a Microsoft Windows system, that password is converted into a hash value. And it is stored as a hash, and transmitted as a hash, in order to prevent an eavesdropping attack, where someone is able to obtain the password.

Microsoft has provided several technologies for hashing passwords, such as Microsoft CHAP, LAN Manage hashes, or LM hashes, and TLAN man hashes, and TLAN hashing Manager Version Two, and now Kerberos. You should remember for the CISSP exam, that the MD5 algorithm generates a 128-bit hash value, and the SHA-1 algorithm generates a 160-bit hash value.

We can use a hashing algorithm to validate data. By comparing two hash values, one made from the original, and one made from the copy. Many times when you download a file from a website, the website provides you with a hash value. So that you can conduct a verification on the file that you download to ensure that it has not been modified without the company's authorization.

And also to ensure that you downloaded a correct copy of the file, and that there was no errors while downloading. So for example, here we have this hash on click setup.exe, and they provide us with a SHA-1 hash value on the website. Once we download this file, we can conduct our own SHA-1 hashing on this file, and see that the hash values match.

Once we know that the hash value matches, we know that we have received a genuine copy of the file as it was prepared by the manufacturer. When we use hash values to protect our passwords, such as in Microsoft CHAP and with our domain logins, we are only transmitting a hash of the user's password on the wire.

We are not transmitting the user's password in clear text. The passwords are stored in the system using hashing algorithms rather than clear text passwords, which makes it harder for an attacker to recover the user's password. Windows NT LAN Man Version Two is a secure proprietary hash developed by Microsoft.

We can use a birthday attack in order to try to generate a collision, and determine what a user's password is. There are pre-calculated rainbow tables that you can purchase that contain a list of passwords and their calculated hashes. The way that an attacker would use this, is they access the hashed passwords on a Windows system.

They then look up those hash values in a rainbow table, and they're able to match it to the user's password. And then they can log in as the user. You should be familiar with the term rainbow tables because this is something you may see on the CISSP exam.

You can attempt to defeat rainbow table attacks by adding salt, or some type of padding to the beginning of the password before you hash them. This can be done either with an initial vector or some type of padding. This can increase security by making the user's password longer, such as more than 15 characters.

Most rainbow tables do not provide passwords over 15 characters in length because computing passwords lengthier than 15 characters is not computationally feasible. This concludes our cryptography fundamentals module. Thank you for watching.