In: Computer Science
Write a 2-3 page paper on how one can use hash values to log into a system, crack a network, etc.
Be sure to explain how hash values are used and misused in a system.
Hashing is making something small or cutting it into pieces.
Hash values can be thought of as fingerprints for files. The contents of a file are processed through a cryptographic algorithm, and a unique numerical value (the hash value) is produced that identifies the contents of the file. If the contents are modified in any way, the value of the hash will also change significantly. Two algorithms are currently widely used to produce hash values: the MD5 and SHA1 algorithms.
In cryptography, a hash function is a mathematical algorithm that maps data of any size to a bit string of a fixed size.
Hashing is like encoding a message you have sent into a mathematical code with a specific algorithm, which is decoded again for the user on the other side, to keep the message safe.
Commonly used hashing algorithms include Message Digest (MDx) algorithms, such as MD5, and Secure Hash Algorithms (SHA), such as SHA-1 and the SHA-2 family that includes the widely used SHA-256 algorithm.
In bitcoin, integrity and block-chaining use the SHA-256 algorithm as the underlying cryptographic hash function. Let's look at a hashing example using SHA-256 and Python.
Hash functions behave as one-way functions by using mathematical operations that are extremely difficult and cumbersome to revert such as the modulo operator.
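The SHA-256 example the text announces, added here as illustration (not code from the original answer): it shows the fixed 256-bit output size regardless of input length, determinism, and how flipping a single input bit changes roughly half of the digest bits. The sample "file" contents are constructed.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of arbitrary-length bytes, as 64 hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_demo(data: bytes) -> dict:
    """Hash the input and a copy with one bit flipped; report how much the digest moved."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    h_original, h_flipped = sha256_hex(data), sha256_hex(flipped)
    return {
        "digest_bits": len(h_original) * 4,           # always 256 for SHA-256
        "changed_bits": bit_difference(h_original, h_flipped),
    }


if __name__ == "__main__":
    # Constructed sample contents standing in for a file on disk.
    document = b"quarterly-report-v1: revenue 1000, expenses 900"
    print("fingerprint:", sha256_hex(document))
    # A 1 MB input still yields a 64-character digest.
    print("large input digest length:", len(sha256_hex(b"A" * 1_000_000)))
    print(avalanche_demo(document))
```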
Using Cryptographic Hashing for More Secure Password Storage
A deterministic function is a function that given the same input always produces the same output. This is vital for authentication since we need to have the guarantee that a given password will always produce the same hash; otherwise, it would be impossible to consistently verify user credentials with this technique.
To integrate hashing in the password storage workflow, when the user is created, instead of storing the password in cleartext, we hash the password and store the username and hash pair in the database table. When the user logs in, we hash the password sent and compare it to the hash connected with the provided username. If the hashed password and the stored hash match, we have a valid login. It's important to note that we never store the cleartext password in the process; we hash it and then forget it.
Whereas the transmission of the password should be encrypted, the password hash doesn't need to be encrypted at rest. When properly implemented, password hashing is cryptographically secure. This implementation would involve the use of a salt to overcome the limitations of hash functions.
Authentication Methods
Something you know: Examples of this are your good old password, bank card PIN or a safe-word when the alarm company calls your home; these are all examples of using something you know to authenticate yourself.
Something you have: Examples are a swipe card to access a secure area, a code sent to your cellphone as part of a login process (to prove you have your cellphone) or a SecureID token that provides a constantly changing code you need to enter to gain access – all are something you have that can be used to authenticate yourself.
Something you are: This is where biometric security comes in. To access our data center we have to put our index finger on a fingerprint scanner after swiping a card. Unless you steal someone’s index finger you won’t be able to access our data center, even if you’ve stolen a valid swipe card. Other biometric systems include retinal scans (the blood vessels at the back of the eye) and iris scans (the colored part of the eye).
Other attributes used for authentication: A few other attributes that you occasionally see used for authentication are:
Our focus in this article is passwords. Most of us see them as an inconvenience – something you have to tolerate to be able to use a service you need access to. In this article we’re going to explain how computer systems have evolved in the way they process your password, how modern online applications do authentication and why it’s important to choose a strong password. Once you finish reading this you should have a working knowledge of hashing algorithms, how password cracking works and what “strong password” really means.
Plain Text Passwords
In the early days of computers and mainframes, passwords were stored in a database as plain text. When you wanted to sign in, a gatekeeper application would ask you for your password. It would take whatever you typed in and check if it was equal to whatever it had stored in the database and, if true, you were granted access.
As the Internet evolved and grew, malicious hackers started gaining unauthorized access to systems. Once they were in, they would immediately download the plain-text password database and have instant access to all users' passwords. Developers and systems administrators needed to come up with a solution to this problem, and the solution they came up with was "password hashing".
Understanding Password Hash Salting
How Salts Work
A rainbow table attack relies on a hacker being able to take a dictionary and pre-computed hashes of the words in that dictionary and compare those hashes to the hashes in a password database. To defeat rainbow tables, the information security community invented “salted hashes”. The concept is relatively simple:
When you create a new password, instead of just running the password on its own through a hashing algorithm, you do the following: Generate a random little piece of text. Put that text at the beginning of the password. Then run the combination of the little piece of text and the password through a hashing algorithm. Then you store the little piece of text (as plain text) and the resulting hash. That little piece of text is called a “Salt”.
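The salted storage and verification workflow described above (create user, store salt and hash, re-hash at login and compare), written out as an added Python example that is not part of the original answer. The in-memory table, user names and passwords are constructed stand-ins; SHA-256 is used to match the text, with the salt placed in front of the password exactly as described.

```python
import hashlib
import hmac
import os

# Stand-in for the "username, hash" table: each row keeps the random salt
# (stored as-is) and the hash of salt + password. No cleartext is ever kept.
USER_TABLE: dict[str, dict[str, bytes]] = {}


def hash_with_salt(salt: bytes, password: str) -> bytes:
    """Put the salt at the beginning of the password and hash the combination."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def create_user(username: str, password: str, table: dict = USER_TABLE) -> None:
    """Generate a fresh random salt for this account and store salt + salted hash."""
    salt = os.urandom(16)  # 16 random bytes; a new one for every account
    table[username] = {"salt": salt, "hash": hash_with_salt(salt, password)}


def verify_login(username: str, password: str, table: dict = USER_TABLE) -> bool:
    """Re-hash the submitted password with the stored salt and compare digests."""
    row = table.get(username)
    if row is None:
        return False  # unknown user; same answer as a wrong password
    candidate = hash_with_salt(row["salt"], password)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, row["hash"])


def hashes_collide(table: dict, user_a: str, user_b: str) -> bool:
    """True if two rows hold identical hashes, which is what unsalted storage
    would produce for two users who chose the same password."""
    return table[user_a]["hash"] == table[user_b]["hash"]


if __name__ == "__main__":
    # Constructed users; both pick the same password on purpose.
    create_user("alice", "correct horse battery")
    create_user("bob", "correct horse battery")
    print("alice login ok:", verify_login("alice", "correct horse battery"))
    print("alice wrong pw:", verify_login("alice", "incorrect horse"))
    # Same password, different salts: the stored hashes differ, so one
    # precomputed table of hashes cannot be matched against both rows.
    print("identical hashes for same password:", hashes_collide(USER_TABLE, "alice", "bob"))
```

A single fast SHA-256 round is used here only to mirror the text; real password storage uses a deliberately slow, purpose-built password hash (PBKDF2, bcrypt, scrypt or Argon2) on top of the same salt-and-compare pattern.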