Advanced Bob Crypto Alice 3. Hashing and Authentication MD2. MD4. MD5. SHA-1. Salting. Collisions. Eve Murmur and FNV. Bloom Filter. LM Hash. Whirlpool. RIPEMD (RACE Integrity Primitives Evaluation Message Digest). GOST. Tiger. Trent SHA-3. Bcrypt. PBKDF2. Open SSL Hash passwords. Secret Shares. One Time Passwords. Timed One Time Password (TOTP). Hashed One Time Password (HOTP). HMAC. Time Stamp Protocol. http://asecuritysite.com/crypto Author: Prof Bill Buchanan Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Trent Hash Types
http://asecuritysite.com/crypto Author: Prof Bill Buchanan AuthenticationMessage Hash H o E v w e
d o B t m i c f W f h i a n
o E o e i n g w b t d
h v
e d h e i
f r a a i o
p e e h t
p r a d a i e
n
s a s w S g f t
u
n w l i y l e o y e i g
o
t t t e l f h
n
v l l a
a e t
h t f d u i e n
r b
g e M y e .
D P r - 5 r p o
r h f i
n a R s t
o h f o n
r
R
d i D H a v e a t e l l t a o a s .
? t H h t o i
s w
o
a k r M a e y
D y ? o 5 u
? h a I s s h A
u a t h l o g r : o
P r r o i f t
B h i l l m
B u c h a n a n AuthenticationMessage Hash H H e e l l B l l o o o b . .
H H N N H H h h o o a a e e e e w w p p l l l l l l i i
l l o o e e a a o o r r r r e e
y y o o u u ? ? - A
1 l g 2 8 o H
r b i a t i 8 C 8 5 s t h
C F B D h s m i 8 7 1 4 i g n
( A 3 0 1 n g M a 9 5 8 4 D t 9 7 1 0 u 5 5 1 5 2 r e ) 3 F A 3 j C i X 9 C B 9 4 y x U 3 C 8 4 N s q F 2 4 7 6 X D Z A 4 B B 1 H E U K A 2 F 1 5 5 8 r E 9 A 2 M j R x 4 A 7 9 + k h L E D 6 6 r E Z K 2 8 A B k p O n 3 3 8 9 M 4 a U a 3 D 2 7 D j 5 o b 7 B 7 1 5 J 1 c C A 7 E 9
6 3 Z Y B 3 B D h a N v 2 Z F 7 F 9 s 1 4 R t 9 8 5 1 h A E M x T C 0 3 1
u a t B F H d 2 0 0 4 h l B o g f X g s 3 5 1 7 r : o a
F H E F P 9 5 7 8 H r r s o k 1 t i C B C 0 i f t e
e B h g w g w F 7 5 4 i x l - l m
B 0 D 9 6 B u 4 6 F 7 2 c h a n a n AuthenticationMessage Hash H H e e l l B l l o o o b . .
H H N N H H h h o o a a e e e e w w p p l l l l l l i i
l l o o e e a a o o r r r r e e
y y o o u u ? ? A -
l 1 g 6 o 0 r H
i b t a h i s B 3 F A t m
F A E 7 h s F 8 F E
i i g v P 9 q ( n 1 F 8 4 S n 4 / u v B 9 C 7 g H a 6 1 E 6 + h T G 8 0 3 1 t A u G 2 e x 2 5 B D - r A H i N A 7 6 D 1 e 5 E B C 3 m d a ) 6 F B C z 7 u V 8 A 2 5 F 6 y o 7 6 E E 7 E 0 8 b 4 6 d 6 9 1 A 2 J K h 6 B 2 8 t L j b F E 7 D 4 A 0 A w a q 0 9 B F 1 k v E 9 4 3 E 3 G 5 1 t 6 5 D 9 4 A E 9 R l p 4 S 5 0 7 5 2 P b d H 6 B D F T O T e 4 7 3 4 A 8 E D B q W F 0 - 1 5 6 4 A w 4 g t 8 C B E h 4 M s w 2 3 7 0 a C C 8 0 y 2 x s s C D C B A o d q a h 2 5 9 A u
t p n 6 b 8 A D A h a B o A 6 9 E O p Q d l r g : A 4 D D a
u Q q F P H o E 0 9 D r s o r C / 0 B 4 1 A r f e
e i B A 3 4 B o 8 A 0 t i x h l B 4 2 F - l
= = = = 6 B A F 0 D m u 4 c h a n a n AuthenticationMessage Hash c b d a o o S c b d a o o S o o r a l n f r a l n f e e l l
e e o o n n t t t t c c h h a t a t a a w w n n h h u u e e
k k e e t e t e
r r B
r r u u i i c c t t m m
t t a a o h h I I y y s s t t b n n n n i i
e e a o e e o o a a t t s s r r i i e e s n n s r r n n m m s s
r r t t s s
l l d d
n n
i i t t i i i . . i n n s s m o o
m e e m m s s k k
t t p s s p , , i i
o o o o
t w e e o o a a h b b n n c c r i r s s e t i i t s s t u u h l l
a a i i i , , t t r t t r r
h h n n
y y p e e a a p e e t
t h
n n
a a
h t t y y i i h h y s d d s r r y
e e s s e e w w s
s a a i
u u i i i c t t i i r r c l l l l w w e e
s s a l l - a A
s o o s o o l 1 l
l
g
2 8 o H
r b i a t i 8 F s t h
A h s 9 m i 8 i 4 g n
( B n F g M a i + D B D t o C U E u 5 v 3 + r D e ) c F + 3 0 P F D 9 / 8 A g r 0 E A K g 0 0 A X 5 1 Z S D 9 F I 2 1 9 + 2 B a 7 3 D D 5 E M K 0 Y 6 D A 7 4 B 5 k A 3 9
H g 2 h 6 a b H 8 3 s E P 0 B h A 7 v 0 9
u a t w 2 A h 0 l B o g = = 0 r 7 : o a
P = = 1 6 H r r s o C i C f t e
e B h F 4 i x l - l m
B 6 B E u 4 F c C h a n a n Hash Hash methods OpenSSL sha md methods Hash supported 859 root MD root 5 root ( root stdin d 41402 2 2 5 1 b @ @ @ @ ( 6 pw )= kali kali kali kali a 9 )= be 5 abc : : : : d ~# ~# ~# ~# 859 3 41402 md b 4 openssl md echo echo md 45262 b b 4 4 2 6 5 a a abc sum pw 76 9 - - n “hello” n “hello” n be c b 4414 4 9719 3 b b md 2 45262 5 : a bd 76 pw d 5 5 911017 | | 1696 b md openssl md 9719 c 4414 5 ba sum d rmd c 91 592 911017 bd b pw b 160 160 1696 5 - c ba 592 91 sha b Author :
Prof Bill BuchananBillProf AuthenticationMessage Hash Z Z Z Z Z Z a A a a A A a 8 1 1 [ - [ T T S S S S c C c c c C a 2 2 - . p C P A A P H H H l C c c 5 5 - o a 3 3 3 : F f a A \ G G O P P P e T e l 2 2 - . i t i l e i u C O d R s i 0 0 - n h 3 . 1 1 1 W s l d M D ] L i E s e 8 4 - . t 2 0 0 0 i / f o . . . 1 t i L t S i n 5 3 - 2 2 2 n l e o L / D D . . a . b t 0 7 - 0 0 0 d d e . d d . . w . . . . r
L L c i - o r l l a
L L m l - H E C . a d c c f w s l l v c
i - L X H x l p p i s
p
t - P E M l x x l \
l S
y - e
y
c - n
s
p - a
t
l - m
e .
- e d
m
-
l
3
-
l
2
-
\
-
]
-
-
-
-
-
-
-
- A
-
1
-
l g
-
2
-
8 o H
-
r b a b 2 7 9 0 5 1 4 5 0 f - a c a d M i a t i c 0 6 b b 6 a c e 7 6 8 0 9 a - d D s t h b e f 4 b 8 4 0 5 a 7 7 c 9 a 6 e -
h s m 7 5 6 1 e 0 8 3 4 5 c 2 a f b 8 - i i e d d 1 s 9 e 2 3 3 5 7 e 7 e e 3 - g n
d e 6 u 3 6 6 2 c 1 b a 3 f 8 d 0 - ( n g M d 5 m c d 2 f 2 1 9 2 6 c 7 b 8 5 - A A a 8 1 1 [ - [ a p C P c C a 2 2 - f c a 1 4 4 9 7 c 8 3 f 8 e f e - D t 3 3 : o a c 5 5 - u d 7 4 7 e 2 d e 4 c 8 1 6 6 a b - a A \ i t l 2 2 - 5 c 7 1 d d 7 e e b a 6 e 4 c 5 2 - r u C n h W i 0 0 - e d M ] t i e 8 4 - f 6 3 f 4 1 9 d 8 5 e e 6 d 8 8 - ) i . 1
n n 5 3 - 3 d e 2 2 0 6 e b 2 3 0 2 2 b 0 - a . o / d t 0 7 - 7 7 9 c d 7 b c 5 8 a 8 b d 2 9 - c
. . w . . o - 8 e 4 6 d c 2 e 1 a 5 0 0 9 1 4 - m a d c c f a w -
x l p p i v s - 2 7 a 2 4 9 0 9 a 1 e a 2 8 3 9 - \
l x x l
- 7 7 5 d 8 d 7 c 5 e c 7 4 d 8 8 - s
e
- 4 9 3 3 7 c e d 9 6 a 1 f 6 c 4 - y
n
- s
a
- 5 1 5 6 a f 4 b 2 e a 7 8 7 a b - t
m
- 8 0 0 f 9 e 3 a c d 3 0 e 7 2 d - e
e
- 5 0 7 f 5 3 9 a 9 a 3 3 f 8 9 2 - m
- 9 a 7 3 2 1 4 3 f 7 d c f 0 6 f -
3
-
2
- b 1 6 1 3 d 1 8 e a 3 5 7 5 e 5 - \
- b 7 0 c 0 f 1 2 6 2 8 8 2 8 3 4 -
]
- f 2 6 c 2 3 6 0 e e 3 d c e 1 4 -
-
- f 7 5 c 2 9 6 c a 6 1 4 0 9 a 0 - M
- 0 7 9 2 2 3 3 5 a 9 c 3 9 8 a 4 -
- 9 5 3 7 4 f 4 a b b 6 f 6 4 b 0 - D
- 9 8 6 b b 6 f e a f 3 a a b 0 5 - 1 W S r C M v - 5 4 p W U g D q - · 6 3 8 f e 5 3 5 7 f b 0 c e 3 9 -
r g f / 5 X s - 4 8 5 c 9 b c d e f a 7 2 f b 2 - h g 9 r Y e W - t t g H 0 9 5 e 6 0 7 2 1 d 2 1 c 9 5 4 - h h a V H 3 s n i X - a a e a 6 8 k 9 u r e - f a a 1 a a f e 5 a 1 8 2 e 3 4 - s i H s n y t 2 z m K 3 z W -
h h
t Q y 2 C L O - A a h a h
m 0 3 s e x -
s u a
e s a s E o i a O S - t i v g y h h i z j X 1 7 U - l g e o
n g Y L 6 q n x - c
r n
a : s a b N I 4 0 r h - o
a t P y 2 x X j f - n e u i t r r g G F u c 4 o M -
e o r i b e f A j 0 d s u - r n t
n e e B h s m Q q Y q E -
i
c a
7 r b n E k - l f c l m a
h o v r 7 A t a - B t h r a r u u n 7 i 7 f F - e e
c n 1 K F m X H - f
c r h i u g l Q g A g w g - k a e e s e ======- n e s e a d ======- d , n d
- .
s
i f o t
o
AuthenticationMessage Hash F i l e s / f o l d e r s B o b - A
1 l g 2 8 o H
r b i a t i s t h
h s m i i g n
( n g M a D t u 5 r e ) M i c d t a w ( t S c T n h h 3 e e i n h H i v f D u u f l f r r d l 6 e a e
A t t m m 5 b i i
a · l f f r i d - i
i i f e b b e d . h c c 1
i . h i H t
p p n g . . d a a a h c 8 a h a e r r t i t t s h t e s , H i i 9 s e e n a a n n
h h e
t n t )
s A a l i h t t
w h
f
o c
s u y h w s a i e t a t i k
s i
g h
t h l b l h
h e s o l
n g
e
r a i
b d a : c s e o a
t t P
e , h n u i a n r
r g o
r i
c
e f f t
n i h B h s l e i a a
l l m a /
n c B t r g u e u e c e r
r h t u d i a e f s . n i c e a a n d t
e t o
Risk 4: One Password Fits All
150 million accounts compromised
# Count Ciphertext Plaintext ------1. 1911938 EQ7fIpT7i/Q= 123456 2. 446162 j9p+HwtWWT86aMjgZFLzYg== 123456789 3. 345834 L8qbAD3jl3jioxG6CatHBw== password 4. 211659 BB4e6X+b2xLioxG6CatHBw== adobe123 5. 201580 j9p+HwtWWT/ioxG6CatHBw== 12345678 6. 130832 5djv7ZCI2ws= qwerty 7. 124253 dQi0asWPYvQ= 1234567 8. 113884 7LqYzKVeq8I= 111111 9. 83411 PMDTbP0LZxu03SwrFUvYGA== photoshop 10. 82694 e6MPXQ5G6a8= 123123
47 million accounts 6.5 million accounts (June 2013) One account hack … leads to others
Dropbox compromised 2013 1 million accounts – in 200,000 client accounts plain text. 77 million compromised Brute Force - How many hash codes?
• 7 digit password with [a-z] … how many? • Ans: • Time to crack - 100 billion per second: • 7 digit with [a-zA-z] … how many? • Ans: • Time to crack – 100 billion per second: • 8 digit with [a-zA-z!@#$%^&*()] … how many? • Ans: • Time to crack – 100 billion per second: Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Trent Other hash methods
http://asecuritysite.com/crypto Author: Prof Bill Buchanan Hash Hash methods fewerthan ofWindows tostore user passwords that are LM Hash SHA functioncompetition October competitionfor competingalgorithms methodsfor hashing method which did not usethe existing definedthere was a needfor newa hashing withtheoretical attacks on SHA shown to be susceptible toattacks VanAssche Joan Daemen a hash function designed byGuido Bertoni SHA - - 3 3 . standard SHA . 2012 LM Hash isused in manyversion SHA LM Hash LM 15 . - 3 MD characterslong , , Keccakwon theNIST hash - wasknown asKeccak and is Michaël Peeters 3 . 5 andSHA , , andproposedis theas andsetup a - 0 . Tiger have been - , 1 andGilles . , NIST thus along . In , samein their operation 0 MD padded with a byte of Tiger known attacks on MD file sharing networks 1995 designedby Ross Anderson andEli Biham in Tiger 10118 alternative to SHA source Preneel Dobbertin function 256 RIPEM Evaluation MessageDigest RIPEMD salt Bcrypt x 01 4 . - bitor , . . 2 . MD Otherwise the twomethods are the It isoften used by clients within Gnutella Tiger isa . . is anis addition 160 Thiscreates a hash value whichhas . , The It isused on TrueCrypt andwascreated Hansby 5 ( , Bcrypt RIPEMD RACE IntegrityPrimitives 320 . Antoon Bosselaers and Bart andSHA RIPEMD isa 160 - bitcryptographic hash 192 - bitversion isseen as an - 1 - , , ) , bithash function , 5 in whichthe messageis andispart ofISO anddoes notsuffer from 0 whereas in Tigerit is . x andSHA 80 128 ) ( in a similarway to andGOST - bit , Author - , 0 andisopen 160 / SHA :
, Prof Bill BuchananBillProf - andwas bit / . - IEC 1 , . Dig Cert Public key
Private key
Public key
Session Private key key Alice (Web) Bob
Symmetric
PBKDF2 Header (contains AES (Password- Twofish Based Key master keys) Password 3DES Derivation dkLen Function) Salt RFC 2898 RIPEMD-160 SHA-1 Whirlpool TrueCrypt
DK = PBKDF2(PRF, Password, Salt, c, dkLen) DK = PBKDF2(HMAC−SHA1, passphrase, ssid, 4096, 256) Encrypting disks Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Trent Salting
http://asecuritysite.com/crypto Author: Prof Bill Buchanan
Encryption Salting 1 $ C 1 $ : \ $ password openssl fred 1 $ $ password fred bATAk > fred openssl passwd 8 $ UUH bATAk / IDAp 9 bATAk - sd 1 bATAk 6 - saltfred password IUv 8 UUH / fred 8 8 UUH UUH / IDAp / IDAp / IDAp 9 sd 9 sd 6 9 6 IUv sd IUv Author 6 / / : IUv
Prof Bill BuchananBillProf / # cat /etc/shadow root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7::: # openssl passwd -1 -salt Etg2ExUZ redhat $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
$ openssl version OpenSSL 1.0.1f 6 Jan 2014
$ openssl dgst -md5 file MD5(file)= b1946ac92492d2347c6235b4d2611184
$ openssl genrsa -out mykey.pem 1024 Generating RSA private key, 1024 bit long modulus ...... ++++++ ...++++++ e is 65537 (0x10001
$ openssl rsa -in mykey.pem -pubout > mykey.pub writing RSA key
$ cat mykey.pub -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXv9HSFkpM+ZoOQcpdHBZiUwX8 EzIKm0nsgjc5ZTYVaF9CMLtmKoTzep7aQX9o9nKepFt1kQ73Ta9vOPd6CX61/cgY Xy2tShw0imrtFaVDFjX+7kLmc0uWbFFCoZMtJxIaXaa9SV2kARxOCTJ2uOjRTCCe XU09IJGHnIhSNJeIJQIDAQAB -----END PUBLIC KEY-----
$ cat /etc/shadow root:$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1:15651:0:99999:7:::
$ openssl passwd -1 -salt Etg2ExUZ redhat $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1 Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Trent Collisions.
http://asecuritysite.com/crypto Author: Prof Bill Buchanan
Encryption MD5 Collision c e dd d 085125 55 2 d fcab 131 69821 99 8823 53 ad f 33420 e 340609 dd 2 e 5 bcb b 3156348 e 8 02 487 8 712467 Bob f c 6 f 7 5 a 577 da cdc f e 8839396 4 6 03 b eec eab ee f 99 30283 fd 5 8 bae fd 4693 79054025255 ce 02396306 4004583 91 f 54 6 e 965 dacd dbdf 4888325 d b 9 67080 a 2 0698 b 436 280373 eb 6 d ff 248 8 a c 7 fb aff The MD The 72 80 919 1415 cda 7 gives the same same the gives a d c f 95 70 1 c 5 89 e 0 6 b a c result FB 5 signature signature 1 c e dd d 085125 55 2 d A 69821 99 8823 fcab 131 53 ad 26 f 33420 e 340609 dd 2 e 5 E bcb 3 3156348 e 0 02 487 8 712467 4 f c BC 6 f 7 5 a 577 da cdc f e 8839396 4 6 422 03 b eec ee f 99 30283 eab fd 5 8 bae fd 4693 ce 02396306 4004583 AEF 91 f 54 6 e 965 dacd dbd 4888325 d b 9 67080 a 54 a 7280373 0698 b 436 eb 6 d EB ff 248 8 2 c f fb aff 72 80 919 1415 4 cda 7 a d c f 95 70 1 c 5 89 e 0 6 b a c Nat McHugh • 10 hours of computing on the Amazon GPU Cloud. • Cost: 60 cents • Used: Hashcat (on CUDA) • Birthday attack: A group size of only 70 people results in a 99.9% chance of two people sharing the same birthday. • M-bit output there are 2^m messages, and the same hash value would only require 2^(m/2) random messages. 18,446,744,073,709,551,616. C:\openssl>openssl md5 hash01.jpg MD5(hash01.jpg)= e06723d4961a0a3f950e7786f3766338
C:\openssl>openssl md5 hash02.jpg MD5(hash02.jpg)= e06723d4961a0a3f950e7786f3766338 Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Trent LM and NTLM Hash
http://asecuritysite.com/crypto Author: Prof Bill Buchanan
Hash LM/NTLM napiergives hashme gives SAM Use the the Use guesses NAPIER Loaded Root myuser Root < · · ·
user NTLM NTLM Directory Active NTLMv Hash LM @ @ > kali kali : : < : 1 500 id 2 ( Windows Windows " ( > ( -- 1 hash password : : Windows Windows HKEY Registry Windows XP Windows : ~# : ~# < : show 12 LMhash time : john pw pw john B pw cat 9 " C 7 _ , : 54 7 8 option to display all of the cracked passwords reliably passwords cracked the of all display to option ( 307 12 FF FA , LOCAL > , 0 napier F 8 : : etc , : 6 , < - 2 2003 - 00 FE etc NTLM hash B 91 E A ) 9 – : 0 40814 ) 43841 - - 00 ( EC – No salt No C ) C ) DES LM
connect to connect 5 : 80 4 _ 00 100 00 - - 4 MACHINE FD AAD E F > C : - 7 84518 - < 6 3 28 D comment [ B F 4 % ( 128 435 - - E E A 0 103 2 1 / B A - - ) 128 51404 EC D 18795 > : F 2 \ < c SAM - 6 - homedir 80 57 / SSE BS A s EE 69 : - - AB AA AA : 4850 4850 307 B 6 04 > - - 2 D : D E ]) E EA 3 3 3 40814 · · 05 05 05 05 C - C - Directory of C of Directory isA Number Serial Volume no label Chas drive in Volume
B B trying : XP samdump froma Windowssystem hive bkhive 8 78 \ - - - - Windows 4 4 Oct Oct Oct Oct A - - F 35 35 E 62 / Vistapassword hashes - - - - 7 3 14 08 14 08 14 05 14 05 14 D - D - E B B : 4 E - 5 ( ( 5
\ NTLM NTLM NAPIER NAPIER 103 System dumps the syskeybootkey - - : : : : 14 14 : 40 39 56 52 2 \ Windows F - - - PM PM PM PM PM
6 04 04 dumps Windows A ) ) 32 69 - - - EE EE \ B config N 04 \ 149 System 15 4 PI EA 2 262 262 , B 728 , Author > 946 3 78 3 dir . R , , - 144 144 7 F , 32 640 , C 368 3 :
7 \ D . Prof Bill BuchananBillProf config A SECURITY SAM ::: SYSTEM . SOFTWARE 2 k / NT / Hash LM/NTLM Use the the Use guesses NAPIER Loaded Root myuser Root E myuser FB password < SAM 103 user 117 @ @ kali kali F 6 AD > : A : : : 1 500 69 500 06 < " : id -- 1 hash password : : B BDD 500 ~# : ~# 04 : > HKEY Registry show 12 12 : time EA 830 : < B E LMhash john pw pw john B pw cat 78 9 52 9 C B " C F 54 7586 CAC : 54 3 option to display all of the cracked passwords reliably passwords cracked the of all display to option ( D F _ 0 napier F ::: 6 67419 LOCAL : 6 FE C > : : : 00 FE 0 $ < EC NTLM hash : 0 A 00 ( EC 80 9 ) DES LM A : 80 AAD 224 00 100 00 AAD _ 3 A MACHINE B 3 435 B > 3 108 : [ B < % ( 128 435 B comment 51404 F 3 FA 1 / B ) 128 51404 6 EE CB > c : 6 : \ / SSE BS 307 D < SAM : homedir s EE 8846 : E : 40814 4850 4850 307 F 2 7 ]) E EAEE > E : 40814 7 D trying 4 8 E 7 D : 4 E NAPIER NAPIER 103 F 6 A 69 - B N 04 4 PI EA 3 78 Author R F 3 D : :::
Prof Bill BuchananBillProf Hash Crackers/Bit Coin Miners
Fast Hash One • 1.536TH/s – Cost 3-5,000 dollars.
25 GPU Hash Cracker • An eight character NTLM password cracked in 5.5 hours. 14 character LM hash cracked in six minutes. 350 billion hashes per second. Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Message authentication Trent codes (MACs) http://asecuritysite.com/crypto Author: Prof Bill Buchanan Authentication HMAC Secret key Message Sender HMAC MAC HMAC HMAC HMAC HMAC HMAC 3 - - - - - DES SHA SHA SHA SHA MD 5 - - - - 512 384 256 1 B AC " " hello testing 7 E 2 isalso confirmed validated ifthey match the sender is against receivedone checks theHMAC code Receiver 3 C B " 2 Receiver , 12114465945 E 123 andyou should get Message 614882 HMAC " anda key of , andthe message CE HMAC 7158 Author D 01 F :
– Secret Prof Bill BuchananBillProf 69
key : Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Trent OTP, HOTP, TOTP
http://asecuritysite.com/crypto Author: Prof Bill Buchanan Bob f(m)
f(f(m)) One-time System logon password f(f(f(m)))
H(t1)
One-time password (timed) H(t2) System logon
H(t3)
One-time password H(c1) (counter) H(c2) System logon
Author: Prof Bill Buchanan Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
FNV, Murmur and Trent Bloom’s Filter http://asecuritysite.com/crypto Author: Prof Bill Buchanan Hash Hash methods hash collisions utilization balancebetween performance and CPU methods performance compared with other hashing hash hash function AustinAppleby function FNVhashes usesa non SHA While hashing methodssuch asMD - - 1 based lookups use methodscryto . , The Murmurhash . Murmur andgenerally provide gooda Also it performswell in terms of . . Thiscan be used generalfor , usesa non . It hasa good - cryptographic hash , , the Murmurand - cryptographic designedby 5 and is theis most up Vo GlennFowler cryptographic functionhash developed by FNV . There are two main versions ( Fowler – , FNV Noll - Landon Curt Noll to - date version – Vo ) isa 64 Author . - bit nonbit , , andPhong : ofwhich
Prof Bill BuchananBillProf - 1 a Advanced Bob Crypto Alice 3. Hashing and Authentication
Eve
Shamir’s Secret Trent Sharing http://asecuritysite.com/crypto Author: Prof Bill Buchanan Hash Shamir 000 Secret P 7 7 KVyuv fID 1 1 RF 1 Secret IzOs 7 zOzKLtK = 2 001 This is a secret This is U 2 65 XYv cH 7 2 oFiiBY XqiTOQ Any 2 = from 5 hZT This is a secret This is 3 00254 hwPIEgUcRRE TgLzcbIzP Author 0 : =
Prof Bill BuchananBillProf teF 4 Advanced Bob Crypto Alice 3. Hashing and Authentication MD2. MD4. MD5. SHA-1. Salting. Collisions. Eve Murmur and FNV. Bloom Filter. LM Hash. Whirlpool. RIPEMD (RACE Integrity Primitives Evaluation Message Digest). GOST. Tiger. Trent SHA-3. Bcrypt. PBKDF2. Open SSL Hash passwords. Secret Shares. One Time Passwords. Timed One Time Password (TOTP). Hashed One Time Password (HOTP). HMAC. Time Stamp Protocol. http://asecuritysite.com/crypto Author: Prof Bill Buchanan