Hello all.
Have you forgotten your password before? Ever wonder why the website can’t just tell you what it is? This post will discuss the magic of hashing and why we have to go through all of that effort to reset a password.
As always, this will discuss the Security+ hashing curriculum. I highly recommend reading last week’s post on cryptography if you haven’t already so that you are up to speed on all of the language and phrases I’ll be using.
Let’s define it. Hashing is a one-way cryptographic function which takes an input and produces a unique message digest. As it is a one-way function, you cannot (feasibly) go back from a hash output to retrieve its input. This is fundamentally different from encryption, as encryption is a two-way function.
Passwords should never be stored in plaintext. They are hashed to increase security. If a company is hacked and database entries are leaked, your password has one last failsafe to keep your information secure. Even if you have a strong password, you should change it anyway once you realize that its hash has been leaked.
Neopets, if you are old enough to remember that game, stored your passwords in plaintext. When it was pwned, the plaintext passwords could be used as logins for other online services. Every normy (hopefully not you) uses the same password for everything, so imagine how many different accounts across multiple websites were at risk.
Let’s hash 2 inputs, right now.
crawfish: decf53fbf4e2729e3c271de1274deaba
crayfish: d81432540815a7cb06f04cb68f02985d
As you can see, changing just a single letter in the input produces a wildly different hash. The power of hashing is that it is supposed to produce a unique output for every input. Hash digests (the outputs) are always the same length when produced by the same hashing algorithm.
Hashing algorithms are based on complexity. The longer the digest of the algorithm, the more possible outputs it can produce. E.g. a 128-bit algorithm produces 2^128 possible outputs compared to a 256-bit algorithm which would produce 2^256 possible outputs.
Hashing is used everywhere, much like cryptography. It is built on the premise of integrity.
Upon altering an image, even if you change a single pixel, you will change its hash. This validation technique is called using a checksum. Checksums are used to check whether files or messages have been modified.
This is a very long sentence that needs to be verified for authenticity
This is a very long sentencd that nefds to be verified for suthenticity
VS
b3d7509bf2e0c332519796cd60a564bf
9ff159b86c8dabdec428076f565a10f1
It is much easier to compare a single hexadecimal value rather than compare a multitude of different characters. TCP communications use checksums to assure that the message sent is unchanged.
If you remember the Cryptography post, we briefly touched on digital signatures. Digital signatures are to prevent collisions from being used to spoof the integrity of a message. There is a type of digital signature called code signing which provides assurance that software code was not modified after its submission. Code signing is used in app development for Apple/Samsung.
Let’s look at a few hashing algorithms:
MD5
MD5 or Message Digest 5 is a commonly used algorithm. It produces a fixed-length 128-bit digest.
THIS HAS KNOWN COLLISIONS, meaning that there are documented, different inputs into the algorithm that produce the same output.
SHA-1
Dubbed the Secure Hash Algorithm, SHA supersedes MD5. SHA-1 is the first iteration of this algorithm and produces 160-bit digests. This algorithm also has known collisions.
SHA-2
SHA-2 is a family of hashing functions that includes SHA-224, SHA-256, SHA-384, and SHA-512, each of which produces a digest of the bit length in its name.
SHA-3
SHA-3 is the newest family of hashing functions and produces digests from 224-bit to 512-bit depending on the algorithm. SHA-3 uses over 120 rounds of computations to increase its digest complexity.
RIPEMD
The RACE Integrity Primitives Evaluation Message Digest is an open-source hashing algorithm that creates 160-bit, 256-bit, or 320-bit digests.
HMAC
Called the Hash-based Message Authentication Code, HMAC is used to verify integrity and authenticity of a given message/file. HMAC also uses other hashing algorithms to perform its verification, examples being HMAC-MD5 and HMAC-SHA1.
LANMAN
The LAN Manager (LM) Hash is the original version of hashing used by Windows. It uses DES and is limited to 14 characters.
NT LANMAN
NTLM replaced LANMAN and uses RC4. It was released in 1993.
NTLMv2
A replacement for NTLM that uses HMAC-MD5. It is the modern Windows hashing algorithm that is on every Windows machine. NTLMv2 is used when you do not have a domain with Kerberos for authentication.
For the exam, know that 1: hashing is used for integrity, 2: MD5 and SHA are the most commonly used hashes, and 3: MD5 is less secure than SHA.
Hashing is an incredible tool used to verify messages and secure data. However, hashes can be abused by attackers to circumvent their security. There are several hash attacks. We will discuss 2 here, and the others will be discussed in a future password post since they are dubbed as password attacks.
Pass the Hash
As you now know, passwords are stored in their hash values. Therefore, the database is expecting a hash value to compare with. A pass the hash attack abuses the knowledge of a password’s hash value for an attacker to attempt to authenticate him or herself without knowing the plaintext version of the password.
Pass the hash attacks are difficult to defend against since they rely on exploits in a system for the attack to work. As mentioned in the malware post, zero-days can’t exactly be defended against.
Mimikatz is a penetration testing framework that can automatically harvest credentials and conduct a pass the hash attack.
Birthday Attack
A birthday attack is a technique that uses collisions in a hash function to authenticate oneself. As mentioned before, MD5 and SHA-1 have collisions. It gets the name from the birthday paradox. The solution to birthday attacks is to use hashing algorithms with much higher possible combinations such as SHA-256 and SHA-512.
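To see why digest length matters, the following added example (not part of the original post) searches for a collision on a deliberately tiny digest, the first 16, 20 and 24 bits of SHA-256. The helper names and the "message-N" inputs are constructed for this illustration; the point is that a collision turns up after roughly the square root of the number of possible outputs, not after all of them.

```python
import hashlib


def truncated_digest(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data), as an integer (a toy short digest)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct inputs until two share a truncated digest.

    Returns (input_a, input_b, attempts).
    """
    seen = {}                                     # digest -> input that produced it
    attempts = 0
    while True:
        message = f"message-{attempts}".encode()  # constructed inputs, all different
        attempts += 1
        tag = truncated_digest(message, bits)
        if tag in seen:
            return seen[tag], message, attempts
        seen[tag] = message


def summarize(bit_sizes=(16, 20, 24)):
    """One row per digest size: (bits, possible outputs, attempts, input_a, input_b)."""
    rows = []
    for bits in bit_sizes:
        a, b, attempts = find_collision(bits)
        rows.append((bits, 2 ** bits, attempts, a, b))
    return rows


if __name__ == "__main__":
    for bits, outputs, attempts, a, b in summarize():
        print(f"{bits}-bit digest: {outputs} possible outputs, "
              f"collision after {attempts} hashes "
              f"(square root is {int(outputs ** 0.5)}): {a!r} / {b!r}")
```

Each extra bit of digest doubles the output space but only multiplies the collision search by about 1.4, which is why a 128-bit digest offers roughly 2^64 collision resistance and a 256-bit digest roughly 2^128.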
Hashing security can be improved even further through a variety of techniques.
Key Stretching
Key stretching is a technique that is used to strengthen a weaker key by increasing the time needed to crack it. WPA, WPA2, PGP, and bcrypt are examples of hashing algorithms that utilize key stretching.
Salting
Salting is the action of adding random data onto a password before hashing it to increase the hash’s security by protecting it from password attacks. The standard salt length is 16+ characters.
Nonce
A nonce is an arbitrary number used just once in addition to a message. Nonces help prevent the use of replay attacks.
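How a nonce and the HMAC described earlier work together, as an added example that is not from the original post: the server issues a single-use nonce, the client returns an HMAC over the nonce and message, and a captured request fails when resent. It uses HMAC-SHA256 rather than the HMAC-MD5 and HMAC-SHA1 variants named above; the class, function names and sample messages are constructed for this illustration.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """Client side: HMAC-SHA256 over the server's nonce followed by the message."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()


class Verifier:
    """Server side: hands out single-use nonces and checks tags against them."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()            # nonces issued and not yet used

    def issue_nonce(self) -> bytes:
        nonce = secrets.token_bytes(16)      # fixed length keeps nonce+message unambiguous
        self._outstanding.add(nonce)
        return nonce

    def accept(self, nonce: bytes, message: bytes, tag: bytes) -> bool:
        if nonce not in self._outstanding:
            return False                     # never issued, or already used: a replay
        self._outstanding.discard(nonce)     # burn the nonce on first use, pass or fail
        expected = sign(self._key, nonce, message)
        return hmac.compare_digest(expected, tag)   # constant-time comparison


def demo() -> dict:
    key = secrets.token_bytes(32)            # shared secret, constructed for the demo
    server = Verifier(key)
    message = b"transfer 10 credits to alice"       # constructed sample message
    nonce = server.issue_nonce()
    tag = sign(key, nonce, message)
    first = server.accept(nonce, message, tag)      # genuine request
    replay = server.accept(nonce, message, tag)     # same bytes captured and resent
    nonce2 = server.issue_nonce()
    altered = server.accept(nonce2, b"transfer 99 credits to alice",
                            sign(key, nonce2, message))  # tag does not match new text
    return {"first": first, "replay": replay, "altered": altered}


if __name__ == "__main__":
    print(demo())
```

The HMAC covers integrity and authenticity (only a holder of the key can produce a matching tag), while the nonce makes each valid tag good for exactly one request.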
Login Attempt Limiting
An attacker can attempt to brute force their way into a machine if there are unlimited login attempts. Limiting the number of attempts will help defend against such attacks.
Thus concludes this post. Thanks for reading!