Cryptographic Hashing and its Importance
Cryptographic hashing involves converting data into fixed-size values for secure storage and verification purposes. It plays a vital role in data security, ensuring integrity and confidentiality. This article explores hashing algorithms, applications, collisions, and the best practices for storing sensitive information.
Cryptographic Hashing. Prof. Dr. Hassan Shaaban. Prepared by: Abdelrhman Youssef Shawky
Content: Intro, Hashing Algorithms, Applications, Collisions, Hash Cracking.
Question: How should sensitive data be stored, and why?
What is a hash function? A cryptographic hash function (CHF) is a hash function that is suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit string of a fixed size (the "hash value", "hash", or "message digest") and is a one-way function.
Why hashing algorithms are used: verifying file integrity, hashing passwords, digital signing.
Common hashing algorithms: SHA (Secure Hashing Algorithms), MD (Message Digest), LANMAN, NTLM.
Message Digest 5 Hashing Algorithm: MD5 is the fifth version of the Message Digest algorithm. MD5 creates 128-bit outputs. MD5 was a very commonly used hashing algorithm until weaknesses in the algorithm started to surface. Most of these weaknesses manifested themselves as collisions. Because of this, MD5 began to be phased out.
Secure Hashing Algorithm: In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest, typically rendered as a hexadecimal number 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.[3] Since 2005 SHA-1 has not been considered secure against well-funded opponents;[4] as of 2010 many organizations have recommended its replacement.[5][6][7] NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013. As of 2020, attacks against SHA-1 are as practical as against MD5;[8] as such, it is recommended to remove SHA-1 from products as soon as possible and use SHA-256 or SHA-3 instead. Replacing SHA-1 is urgent where it is used for signatures. All major web browser vendors ceased acceptance of SHA-1 SSL certificates in 2017.[9][10][11] In February 2017, CWI Amsterdam and Google announced they had performed a collision attack against SHA-1, publishing two dissimilar PDF files which produced the same SHA-1 hash.[12][2]
Secure Hashing Algorithm: SHA-1 (collision warning), SHA-256, SHA-512.
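The file-integrity use case combined with the deprecation advice above, as an added example that is not part of the original slides: a checksum verifier that recognises the algorithm from the digest length, refuses MD5 and SHA-1 by default, and compares in constant time. The function names, the length-to-algorithm mapping for 64 and 128 hex digits, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac

# Hex digest length -> algorithm. MD5 is 128 bits (32 hex digits) and
# SHA-1 is 160 bits (40 hex digits), as stated in the slides.
# Assumption: 64 and 128 hex digits mean SHA-256 and SHA-512 (a SHA-3
# digest of the same size would need an explicit algorithm label).
ALGORITHM_BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
DEPRECATED = {"md5", "sha1"}  # practical collisions exist for both


class WeakDigestError(ValueError):
    """The published checksum uses a collision-prone algorithm."""


def classify_digest(expected_hex):
    """Return the algorithm name implied by a hex digest's length."""
    cleaned = expected_hex.strip().lower()
    if any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("digest is not hexadecimal")
    try:
        return ALGORITHM_BY_HEX_LENGTH[len(cleaned)]
    except KeyError:
        raise ValueError(f"unrecognised digest length: {len(cleaned)}") from None


def verify_integrity(data, expected_hex, allow_deprecated=False):
    """Check data against a published checksum.

    Raises WeakDigestError for MD5/SHA-1 unless allow_deprecated is set,
    because a match under those algorithms does not rule out a
    deliberately crafted substitute file.
    """
    algorithm = classify_digest(expected_hex)
    if algorithm in DEPRECATED and not allow_deprecated:
        raise WeakDigestError(f"{algorithm} checksums are not accepted")
    actual = hashlib.new(algorithm, data).hexdigest()
    # compare_digest runs in time independent of where the strings differ.
    return hmac.compare_digest(actual, expected_hex.strip().lower())


# Constructed sample input, not taken from the presentation.
SAMPLE = b"release-1.0 payload (constructed sample)\n"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
SAMPLE_SHA1 = hashlib.sha1(SAMPLE).hexdigest()
```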
Hash Cracking: Since hashes can't be reverted, there are multiple techniques to crack them. We will only discuss 2 techniques: brute forcing and dictionary-based attacks.
Brute forcing: A brute force attack is an attempt to crack a password or username, find a hidden web page, or find the key used to encrypt a message, using a trial-and-error approach and hoping, eventually, to guess correctly. This is an old attack method, but it's still effective and popular with hackers. Depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years. In fact, IBM reports that some hackers target the same systems every day for months and sometimes even years.
Dictionary-based attacks: A dictionary attack is based on trying all the strings in a pre-arranged listing, typically derived from a list of words such as in a dictionary (hence the phrase dictionary attack).[1] In contrast to a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are deemed most likely to succeed. Dictionary attacks often succeed because many people have a tendency to choose short passwords that are ordinary words or common passwords, or simple variants obtained, for example, by appending a digit or punctuation character. Dictionary attacks are relatively easy to defeat, e.g. by using a passphrase or otherwise choosing a password that is not a simple variant of a word found in any dictionary or listing of commonly used passwords.
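The defence described in the last sentence above, as an added example that is not part of the original slides: a password-screening check, run when a password is chosen, that rejects listed words and their simple variants. The word list is a constructed sample, and the substitution table, function names and the 12-character minimum are assumptions made for illustration.

```python
import string

# Constructed sample list; a real deployment would load a much larger
# list of dictionary words and commonly used passwords.
COMMON_WORDS = {"password", "dragon", "welcome", "monkey", "letmein"}

# Assumption: the character substitutions treated as "simple variants".
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})
AFFIXES = string.digits + string.punctuation


def dictionary_core(candidate):
    """Reduce a candidate to the base word it was derived from."""
    # Drop digits and punctuation added at either end, then undo the
    # substitutions inside the remaining word.
    core = candidate.lower().strip(AFFIXES)
    return core.translate(SUBSTITUTIONS)


def screen_password(candidate, wordlist=COMMON_WORDS, min_length=12):
    """Return the reasons to reject a candidate (empty list means accept)."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append("too short")
    if candidate.lower() in wordlist:
        reasons.append("listed password")
    elif dictionary_core(candidate) in wordlist:
        reasons.append("simple variant of a listed word")
    return reasons
```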
Resources
Hashing: https://en.wikipedia.org/wiki/Hash_function
Hash Algorithms: https://www.sciencedirect.com/topics/computer-science/hashing-algorithm
MD5 Collision: https://www.links.org/?p=6
MD5 Collision Demo: https://www.mathstat.dal.ca/~selinger/md5collision/
Breaking Hash Functions: https://link.springer.com/chapter/10.1007/11426639_2
SHA-1 Collision Announcement: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html