Hashing

Question 1

Hash

Answer 1

A one-way cryptographic function which takes an input and produces a unique message digest

Question 2

MD5

Answer 2

Message Digest 5:

Algorithm that creates a fixed-length 128-bit hash value unique to the input file

Question 3

Collision

Answer 3

Condition that occurs when two different files create the same hash digest

Question 4

SHA

Answer 4

Secure Hash Algorithm

SHA1
Algorithm that creates a fixed-length 160-bit hash value unique to the input file

SHA2
Family of algorithms that includes SHA-224, SHA-256, SHA-384, and SHA512

SHA3
Family of algorithms that creates hash digests between 224-bits and 512- bits

Question 5

RIPEMD

Answer 5

RACE Integrity Primitive Evaluation Message Digest:

An open-source hash algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each input file

Question 6

HMAC

Answer 6

Hash-based Message Authentication Code:
Uses a hash algorithm to create a level of assurance as to the integrity and authenticity of a given message or file
• HMAC-MD5
• HMAC-SHA1
• HMAC-SHA256

Question 7

Hashing: Digital Signatures

Answer 7

Digital signatures prevent collisions from being used to spoof the integrity of a message

Digital signatures use either DSA, RSA, ECDSA, or SHA

Question 8

Code Signing

Answer 8

Uses digital signatures to provide an assurance that the software code has not been modified after it was submitted by the developer

Question 9

LANMAN (LM Hash)

Answer 9

Original version of password hashing used by Windows that uses DES and is limited to 14 characters

Question 10

NT LAN Manager Hash (NTLM Hash)

Answer 10

Replacement for LM Hash that uses RC4 and was released with Windows NT 3.1 in 1993

Question 11

NTLMv2

Answer 11

Replacement for NTLM Hash that uses HMAC-MD5 and is considered difficult to crack

NTLMv2 is used when you do not have a domain with Kerberos for authentication

Question 12

Hashing Attacks: Pass the Hash

Answer 12

A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plaintext password

Difficult to defend against

Mimikatz:
A penetration testing tool used to automate the harvesting of hashes and conducting the Pass the Hash attack

Question 13

Hashing Attacks: Birthday Attack

Answer 13

Technique used by an attacker to find two different messages that have the same identical hash digest
▪ 99% chance of finding a matching birthday in a 57-person group
▪ 50% chance of finding a matching birthday in a 23-person group

Collision
Occurs when two different inputs to a hash create an identical hash digest output

Question 14

Increasing Hash Security: Key Stretching

Answer 14

A technique that is used to mitigate a weaker key by performing multiple processes

WPA, WPA2, PGP, bcrypt, and other algorithms utilize key stretching

bcrypt: Generates hashes from passwords, uses Blowfish to perform multiple rounds of hashing

Question 15

Increase Hash Security: Salting

Answer 15

Adding random data into a one-way cryptographic hash to help protect against password cracking techniques

A “nonce” is used to prevent password reuse