
Week 11 – Cryptography

Describe the step-by-step process for storing and authenticating passwords using hashes

Choose between hashing algorithms for security and performance

Compare the uses of hash algorithms and public key encryption

 

 

Recap:

What is cryptography?
What is cryptanalysis?
What do we use cryptography for in computing?

 

Hash Functions

  • Converts a variable-length input to a fixed-length output
    • Creates a “digest”
  • “One way”: easy to compute, but can’t be reversed

 

 

A hash is always the same length, regardless of
the number of characters or amount of data fed
into the algorithm.  For the hash to be useful, a
very small change to the original message should
affect the entire digest (hash) value.

 

Abstract base HashAlgorithm

  • MD5 (Message Digest Algorithm) – 128-bit hash, compromised
  • SHA (Secure Hash Algorithm)
  • SHA1 (160 bit hash)
  • SHA256
  • SHA384
  • SHA512

KeyedHashAlgorithm (Message Authentication Code)

  • HMACSHA*
  • MACTripleDES

 

Demo C# / Demo Python

Using the Secure Hash Algorithm in C# .NET

using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            // UnicodeEncoding is UTF-16 (little-endian), so each character is hashed as two bytes
            UnicodeEncoding byteConvertor = new UnicodeEncoding();
            SHA256 sha256 = SHA256.Create();                        // SHA-256 produces a 32-byte (256-bit) digest

            string data = "A paragraph of text";
            byte[] hashA = sha256.ComputeHash(byteConvertor.GetBytes(data));

            string data1 = "A paragraph of text.";
            byte[] hashB = sha256.ComputeHash(byteConvertor.GetBytes(data1));

            string data2 = "A paragraph of text";
            byte[] hashC = sha256.ComputeHash(byteConvertor.GetBytes(data2));

            Console.WriteLine(data + " is equal to " + data1 + " = " + hashA.SequenceEqual(hashB));
            Console.WriteLine(data + " is equal to " + data2 + " = " + hashA.SequenceEqual(hashC));

            string A = BitConverter.ToString(hashA).Replace("-", "");
            string B = BitConverter.ToString(hashB).Replace("-", "");
            string C = BitConverter.ToString(hashC).Replace("-", "");

            Console.WriteLine(data + "  hashes to " + A);
            Console.WriteLine(data + ". hashes to " + B);
            Console.WriteLine(data + "  hashes to " + C);


            Console.ReadLine();
        }
    }
}
 Download the C# project here 

Using the Secure Hash Algorithm in Python

import hashlib

data = 'A paragraph of text'
data1 = 'A paragraph of text.'
data2 = 'A paragraph of text'

# hash the UTF-8 bytes of each string with SHA-256
hashA = hashlib.sha256(data.encode('utf-8'))
hashB = hashlib.sha256(data1.encode('utf-8'))
hashC = hashlib.sha256(data2.encode('utf-8'))

# compare the digests, printing the original text rather than the hash objects
print(data, " is equal to ", data1, " = ", hashA.hexdigest() == hashB.hexdigest())
print(data, " is equal to ", data2, " = ", hashA.hexdigest() == hashC.hexdigest())

print(data, ' hashes to ', hashA.hexdigest())
print(data1, ' hashes to ', hashB.hexdigest())
print(data2, ' hashes to ', hashC.hexdigest())

print('')

# list every hash algorithm this Python build supports
print(hashlib.algorithms_available)
 Download the Python project here 
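
The demos above only show that the two digests differ. The following added example (not part of the original course material) measures the two properties described earlier: the digest length is fixed per algorithm, and a one-character change flips roughly half of the digest bits. The function names are chosen for this illustration.

```python
import hashlib

# Hash algorithms listed on this page
ALGORITHMS = ("md5", "sha1", "sha256", "sha384", "sha512")


def digest_bits(name, data):
    """Digest length in bits for `data` under hash algorithm `name`."""
    return len(hashlib.new(name, data).digest()) * 8


def changed_bits(name, msg_a, msg_b):
    """Count the digest bits that differ between two messages (Hamming distance)."""
    a = int.from_bytes(hashlib.new(name, msg_a).digest(), "big")
    b = int.from_bytes(hashlib.new(name, msg_b).digest(), "big")
    return bin(a ^ b).count("1")


def avalanche_report(msg_a, msg_b):
    """Return {algorithm: (digest_bits, bits_changed, fraction_changed)}."""
    report = {}
    for name in ALGORITHMS:
        size = digest_bits(name, msg_a)
        diff = changed_bits(name, msg_a, msg_b)
        report[name] = (size, diff, diff / size)
    return report


if __name__ == "__main__":
    # Same two strings as the demos: they differ only by the trailing full stop.
    a, b = b"A paragraph of text", b"A paragraph of text."
    for name, (size, diff, frac) in avalanche_report(a, b).items():
        print(f"{name:7} {size:4}-bit digest, {diff:3} bits changed ({frac:.0%})")
    # Fixed length: 1 byte and 1 MB of input give the same digest size.
    print(digest_bits("sha256", b"x"), digest_bits("sha256", b"x" * 1_000_000))
```
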

 

http://pythoncentral.io/hashing-strings-with-python/

 

 

 

Assignment task
Research and explain the method used to store passwords on a server and authenticate a user who logs in at a remote machine.

 

 

Assignment 2

 
