
# Hashing & brute force attacks


## The course is part of this learning path

Hashing & brute force attacks
- Difficulty: Beginner
- Duration: 15m
- Students: 63
- Ratings: 5/5

Description

One of four primary areas of cryptography, hash functions are the focus of this course, which is designed to inform you of their characteristics, properties, and uses.

Transcript

Welcome to this session on encryption. So, in this section, we're going to talk about symmetric encryption and asymmetric encryption and we're gonna look at a couple of little tools and demonstrations for this purpose. So, I'm gonna turn to my machine. Encryption is used primarily for confidentiality and there are layered approaches to this which you'll see as the session goes on. This next tool is called CyberChef. I do like this tool. This is a tool provided by GCHQ and it's used for digital forensics. It's used for lots of other things as well, but I want to show you something called hashing. So, hashing, and there are different types of hashers out there. We have something called MD. Now, MD is Message Digest, and that will appear in your exam, so you do need to remember what Message Digest-, and that's a hashing algorithm. You have two, four, five, six, one, is-, different algorithms. Don't be flummoxed by any of these numbers, as long as you know that the MD series, Message Digest, is to do with hashing, but what's the hash-mark? Well, let's demonstrate just what a hash is. So, I'm gonna select MD5, Message Digest 5, and I'm gonna put this in the recipe, and then I'm gonna type in 'password123', and you can see that the output from the file is fixed, so it's now 482c811. That's the fixed output for the hash itself. That's pretty straightforward. Any time I use MD5 and I use the same password, I get the same hash.

Now, this hash, I'm gonna copy the hash-, gonna copy the hash, then I'm gonna go and bring up Google and put that hash into Google and see if Google can recognise that hash. And I can see straight away, if I look at the hash toolkit and I'm gonna click on the hash toolkit, the second one down, there's other ones that are obviously showing what the password relates to. And straight away, password123, which is quite a common one that's used by people in America, every single combination of the hash relating to that password is available on this site. So, we've got MD5, SHA is called Secure Hashing Algorithm, that's another hashing algorithm that we can use. We only use SHA1 for hashing. We don't use it for confidentiality purposes. SHA2 and 3, we can use for confidentiality, and we can also use it for hashing, but you can see the output is longer. It's a longer output that comes from it, a fixed-length output, depending on which algorithm you use, and you can see some good examples just on this site here, so that's quite interesting, if the hash is coming up more. So, if I go back to our example now, password123, that's the fixed hash for that but what I'm gonna do in this one, this time, now, is I'm gonna change the hash from a lower-case 'p' to an upper-case 'P', and immediately, the hash has changed. Which obviously would indicate to you that this is an integrity issue, and the integrity would tell you that something's happened to this file. Maybe your-, there's a file you're trying to download and the file's been modified or changed.

Now, I could use John the Ripper or Cain and Abel or one of the other password-cracking tools to crack the passwords, and I'm used to using this tool that's provided by the website and I'm gonna run the tool, and it's gonna run every single combination, and obviously, with three characters, it pretty-, should be relatively quick to find it. And soon as it's got it, it's gonna identify the password. The password is CIA, surprisingly enough, some people do use that as a password, and then if I click 'log in', I'm in the website. That simple. That simple demonstration of what a brute-force attack is.
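
The properties shown in the transcript (fixed-length output, same input giving the same hash, one changed letter changing the whole hash) can be reproduced with Python's standard `hashlib`; this is an added example, not part of the course or its transcript. It also goes one step beyond the transcript to show why a salted, iterated scheme (PBKDF2) does not leave a fixed, searchable value for a common password; the function names and the iteration count are choices made for this example.

```python
import hashlib
import hmac
import os

def digest(algorithm: str, text: str) -> str:
    """Hex digest of text under a named hashlib algorithm."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()

def bits_changed(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def store_password(password: str, iterations: int = 600_000):
    """Salted, iterated record (PBKDF2-HMAC-SHA256) instead of a bare hash."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, derived

def verify_password(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, derived)

def demo() -> None:
    lower, upper = "password123", "Password123"  # the transcript's two inputs
    # Fixed-length output: the length depends on the algorithm, not the input.
    for name in ("md5", "sha1", "sha256", "sha3_256"):
        d = digest(name, lower)
        print(f"{name:9} {len(d) * 4:3} bits  {d}")
    # Deterministic: the same input always gives the same hash.
    print("same input, same MD5:", digest("md5", lower) == digest("md5", lower))
    # Integrity: changing 'p' to 'P' changes roughly half of the output bits.
    changed = bits_changed(digest("md5", lower), digest("md5", upper))
    print("bits changed by p -> P:", changed, "of 128")
    # Salting: two records for the same password differ, so there is no
    # single fixed value to look up, yet verification still works.
    first, second = store_password(lower), store_password(lower)
    print("salted records identical:", first[2] == second[2])
    print("correct password verifies:", verify_password(lower, first))
    print("changed case verifies:", verify_password(upper, first))

if __name__ == "__main__":
    demo()
```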
