Key Terms Plaintext: Data before encryption or hashing, often text but could be photo or other file Encoding: a form of data representation like base64 or hexadecimal. Immediately reversible Hash: output of a hash function Brute Force: attacking cyptography by trying every combination of values from a given list Cyptanalysis: attacking cryptography by fiding a weakness in the underlying maths
Hash Function -Impossible or extremely difficult to go back from output back to input -takes data of any size -creates a summary of data -output is a fixed size -good hashing function are fast to compute and slow to reverse -small change in input results in extremely different result in output -pw verification uses hashing
Hash Collision -when 2 different inputs give the same output -Pigeonhole effect is given there are a set number of different outputs, if there are more inputs than outputs, some inputs must give the same output -MD5 and SHA1 are technically insecure due to hash collisions separately -MD5 collision: https://www.mscs.dal.ca/~selinger/md5collision/ -SHA1 collision: https://shattered.io/
Hashing uses -data integrity -pw verification -if two users have the same pw, the hash will return the same output -rainbow tables are used to crack hashes -protect against rainbow tables by salting passwords
Recognising password hashes -hash in web app, md5 -unix style pw have prefix roundshash -windows pw, NTLM -Linux pw, stored in /etc/shadow (normally only readable by root) -windows stores in SAM (tools like mimikatz help to dump hashes) - md5crypt, cisco and older linux/unix systems , , , , - Bcrypt (web apps) - sha512 crypt (default for linux/unix systems)
Password Cracking -GPUs useful in mutliple math hash functions -hashcat best run on host, can be run from powershell -John the ripper uses CPU so works in a VM out of the box -never use —force becaue it produces false results
- analyze hash to find the hash type
- hashcat help grep the type of hash to get the code
- hashcat -m [code] [hash] [pwlist] use https://hashes.com/en/decrypt/hash
Hashing for Integrity checking -used for checking files haven’t been changed -if a single bit changes, hash changes by a lot -if two pictures have the same hash, they are the same picture Hmacs -method of using cryptographic hashing function to verify the authenticity and integrity of data -used to ensure the person who created the HMAC is who they say they are (Authenticity) -and messages hasn’t been corrupted (Integrity)