Hashing Algorithms 🛠️
MD5 (Message-Digest Algorithm 5) 📜
Introduction: Developed in the early 1990s, MD5 generates a 128-bit hash digest from 512-bit blocks.
Issues:
Design Flaw: A design flaw was discovered in 1996, leading cryptographers to recommend SHA1 as a more secure alternative.
Collision Vulnerability: By 2004, it was found that MD5 was susceptible to hash collisions, allowing different inputs to produce the same hash.
Exploitation: In 2008, researchers demonstrated the creation of a fake SSL certificate using MD5 collisions. Serious security breaches followed, such as the Flame malware in 2012.
Recommendation: By 2010, it was advised to stop using MD5 for cryptographic applications due to its vulnerabilities.
SHA1 (Secure Hash Algorithm 1) 🔐
Introduction: Part of the Secure Hash Algorithm suite published by the NSA in 1995. It generates a 160-bit hash digest from 512-bit blocks.
Usage: Employed in various protocols like TLS/SSL, PGP/SSH, IPSec, and version control systems like Git.
Vulnerabilities:
Weaknesses: Theoretical attacks were developed in the 2000s, with practical implications emerging in 2015. A full collision attack was estimated to be feasible with significant computing resources.
Full Collision: In 2017, researchers published the first full SHA1 collision, using substantial CPU and GPU resources equivalent to 6,500 years of a single CPU and 110 years of a single GPU.
Recommendation: SHA1 should be replaced with SHA2 or SHA3 due to its vulnerabilities.
Message Integrity Check (MIC) vs. Message Authentication Code (MAC) 🔍
MIC (Message Integrity Check):
Function: A hash digest of a message, used to check that its contents remain unchanged during transit.
Limitations: Does not use secret keys, hence it does not authenticate the message. It is susceptible to tampering if an attacker can recompute the checksum.
Use Case: Protects against accidental corruption or loss, but not against intentional modifications.
MAC (Message Authentication Code):
Function: Provides both integrity and authentication by using a secret key.
Summary 📜
MD5: Once popular but now obsolete for cryptographic purposes due to serious vulnerabilities and hash collisions.
SHA1: Still used but vulnerable to collisions, and should be replaced by more secure algorithms like SHA2 or SHA3.
MIC: Ensures data integrity but does not offer message authentication.
Hashing Algorithms and Security Measures 🔐
Authentication and Password Hashing 🔑
Importance of Hashing:
Why Hash Instead of Plain Text: Storing passwords in plain text is insecure. If a system is compromised, attackers would gain access to all user passwords.
Hashing Process: Instead of storing passwords directly, systems store a hash of the password. During login, the entered password is hashed and compared to the stored hash. If they match, authentication is successful.
Brute Force Attacks 🛡️
Definition:
An attacker tries all possible input values to find a match for a hashed password.
Computational Intensity: Brute force attacks are time- and resource-intensive. In theory, an attacker with unlimited resources can brute-force any system, so the goal is to make the process impractically difficult.
Mitigation:
Hashing Iterations: Increasing the number of times a password is hashed (e.g., thousands of times) makes brute force attacks more difficult and time-consuming.
Rainbow Tables 🌈
Definition:
A precomputed table of possible passwords and their corresponding hashes.
Purpose: Speed up the process of cracking hashed passwords by looking up precomputed values instead of hashing each guess.
Protection Against Rainbow Tables:
Salting: Adding a unique, random value (salt) to the password before hashing.
How It Works:
A random salt is concatenated with the password and hashed together.
The salt is stored along with the hash, making each password hash unique.
Impact: Attackers would need to generate a separate rainbow table for each possible salt value, which is impractical in both computation and storage.
Salt Size:
Early Systems: Used 12-bit salts (about 4,096 possible values).
Modern Systems: Use 128-bit salts (over 340 undecillion possible values), raising the difficulty to infeasible levels.
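The storage and login flow described above, with salting and iterations, as an added example that is not part of the original page. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as the iterated hash and an iteration count of 100,000 (the page names neither), and uses a small constructed lookup table in place of a real rainbow table.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example, not a value from the page
SALT_BYTES = 16       # 128-bit salt, the modern size mentioned above


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest) to store; draws a fresh random salt if none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def build_table(guesses: list) -> dict:
    """Precompute unsalted SHA-256 hashes (a plain lookup table standing in
    for a rainbow table, which compresses such a table using hash chains)."""
    return {hashlib.sha256(g.encode()).digest(): g for g in guesses}


def demo() -> dict:
    table = build_table(["123456", "password", "letmein"])  # constructed guesses
    unsalted = hashlib.sha256(b"letmein").digest()  # how a weak system stores it
    salt_a, rec_a = hash_password("letmein")        # two users, same password
    salt_b, rec_b = hash_password("letmein")
    return {
        "unsalted_found": table.get(unsalted),       # precomputed table hit
        "salted_found": table.get(rec_a),            # precomputed table miss
        "records_equal": rec_a == rec_b,             # salts make records differ
        "login_ok": verify_password("letmein", salt_a, rec_a),
        "login_wrong": verify_password("letmein1", salt_a, rec_a),
    }


if __name__ == "__main__":
    print(demo())
```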
Summary 📜
Hashing: Essential for secure password storage. Avoids storing sensitive data in plain text.
Brute Force Attacks: Difficult to prevent entirely but can be mitigated by increasing the number of hashing iterations.
Rainbow Tables: Precomputed tables of hashes can be defeated by using salts, which make each password hash unique and harder to crack.