| A one-way cryptographic function which takes an input and produces a unique message digest |
Message Digest 5 (MD5) | Algorithm that creates a fixed-length 128-bit hash value unique to the input file |
Collision | Condition that occurs when two different files create the same hash digest |
Secure Hash Algorithm (SHA) | SHA-1: Algorithm that creates a fixed-length 160-bit hash value unique to the input file • SHA-2: Family of algorithms that includes SHA-224, SHA-256, SHA-384, and SHA-512 • SHA-3: Family of algorithms that creates hash digests between 224 bits and 512 bits |
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) | An open-source hash algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each input file |
Hash-based Message Authentication Code (HMAC) | Uses a hash algorithm to create a level of assurance as to the integrity and authenticity of a given message or file; examples: • HMAC-MD5 • HMAC-SHA1 • HMAC-SHA256 |
Hashing: Digital Signatures | Digital signatures prevent collisions from being used to spoof the integrity of a message; digital signatures use either DSA, RSA, ECDSA, or SHA |
| Uses digital signatures to provide an assurance that the software code has not been modified after it was submitted by the developer |
LAN Manager Hash (LM Hash) | Original version of password hashing used by Windows that uses DES and is limited to 14 characters |
NT LAN Manager Hash (NTLM Hash) | Replacement for LM Hash that uses RC4 and was released with Windows NT 3.1 in 1993 |
NTLMv2 Hash | Replacement for NTLM Hash that uses HMAC-MD5 and is considered difficult to crack; NTLMv2 is used when you do not have a domain with Kerberos for authentication |
Hashing Attacks: Pass the Hash | A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plaintext password; difficult to defend against. Mimikatz: A penetration testing tool used to automate the harvesting of hashes and the conducting of the Pass the Hash attack |
Hashing Attacks: Birthday Attack | Technique used by an attacker to find two different messages that have the same hash digest ▪ 99% chance of finding a matching birthday in a 57-person group ▪ 50% chance of finding a matching birthday in a 23-person group. Collision: Occurs when two different inputs to a hash create an identical hash digest output |
Increasing Hash Security: Key Stretching | A technique used to mitigate a weaker key by performing multiple processes; WPA, WPA2, PGP, bcrypt, and other algorithms utilize key stretching. bcrypt: Generates hashes from passwords and uses Blowfish to perform multiple rounds of hashing |
Increasing Hash Security: Salting | Adding random data into a one-way cryptographic hash to help protect against password cracking techniques; a "nonce" is used to prevent password reuse |