Section 25: Hashing
Increasing Hash Security (OBJ 2.8 & 3.7)
- Key Stretching: a technique that is used to mitigate a weaker key by increasing the time needed to crack it.
- WPA, WPA2, PGP, bcrypt, and other algorithms utilize key stretching.
- Salting: adding random data into a one-way cryptographic hash to help protect against password cracking techniques.
- A "nonce" is used to prevent password reuse.
Hashing (OBJ 1.2, 2.8 & 3.2)
Hashing: a one-way cryptographic function which takes an input and produces a unique message digest.
Message Digest 5 (MD5): algorithm that creates a fixed-length 128-bit hash value unique to the input file.
Collision: condition that occurs when two different files create the same hash digest.
Secure Hash Algorithm:
- SHA-1: algorithm that creates a fixed-length 160-bit hash value unique to the input file.
- SHA-2: family of algorithms that includes SHA-224, SHA-256, SHA-384, and SHA-512.
- SHA-3: family of algorithms that creates hash digests between 224 bits and 512 bits.
- RACE Integrity Primitives Evaluation Message Digest (RIPEMD): an open-source hash algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each input file.
- Hash-based Message Authentication Code (HMAC): uses a hash algorithm to create a level of assurance as to the integrity and authenticity of a given message or file.
- HMAC-MD5
- HMAC-SHA1
- HMAC-SHA256
Digital signatures prevent collisions from being used to spoof the integrity of a message. Digital signatures use either DSA, RSA, ECDSA, or SHA.
Code Signing: uses digital signatures to provide an assurance that the software code has not been modified after it was submitted by the developer.
LANMAN (LM Hash): original version of password hashing used by Windows that uses DES and is limited to 14 characters.
NT LAN Manager Hash (NTLM Hash): replacement for LM Hash that uses RC4 and was released with Windows NT 3.1 in 1993.
NTLMv2 Hash: replacement for NTLM Hash that uses HMAC-MD5 and is considered difficult to crack. NTLMv2 is used when you do not have a domain with Kerberos for authentication.
Exam Tips: Instantly match integrity and hashing on the exam. MD5 and SHA are the most common hash functions used.
In an effort to increase the security of their passwords, Dion Training has added a salt and cryptographic hash to their passwords prior to storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called?
- Key stretching
- Rainbow table
- Salting
- Collision resistance
Key Stretching
Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?
- File size and file creation date
- MD5 or SHA1 hash digest of the file
- Private key of the file
- Public key of the file
MD5 or SHA1 hash digest of the file
Hashing Attacks (OBJ 1.2, 1.3, & 2.8)
Pass the Hash: a technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plaintext password. Pass the Hash is difficult to defend against.
Mimikatz: a penetration testing tool used to automate the harvesting of hashes and conducting the Pass the Hash attack.
- Only use a trusted OS
- Patch/update workstations
- Use multifactor authentication
- Use least privilege
Birthday Attack: technique used by an attacker to find two different messages that have the same hash digest.
99% chance of finding a matching birthday in a 57 person group.
50% chance of finding a matching birthday in a 23 person group.
Which of the following hashing algorithms results in a 160-bit fixed output?
- MD5
- SHA1
- NTLM
- SHA2
SHA 1