Exercise: Hashing, Password security, And File Integrity

Presentation transcript:

Exercise: Hashing, Password Security, and File Integrity (Introduction to Cryptography)

Background: Password Security. It is critical to create strong passwords for authentication in computer applications today. When easy-to-guess or common passwords are used, there are cracking techniques attackers can use to recover the password's plaintext. When a password is created, it is stored in a back-end database; the password's hash value is stored instead of its plaintext value. Encryption vs. Hashing for Password Storage. Encrypted passwords are reversible by design: if passwords were strongly encrypted and an attacker stole the encrypted passwords together with the key (which the application itself must hold in order to decrypt them), every password would be recovered in plaintext. Hashing is the better option for storing passwords because a cryptographic hash is one-way: there is no key, and the hash cannot be run backwards to recover its input. An attacker who steals the hash of a strong password is left with guessing candidates and hashing each one, and a strong password makes that guessing infeasible.

Background: Hashing Process. When a user logs into a website with a user ID and password, the back end uses the ID to look up the stored hash value. The submitted password is hashed with the same algorithm the site uses; if the resulting hash matches the stored one, the user is authenticated and granted access to the site. Rainbow Tables. When easy-to-guess or common passwords are hashed without a salt, an attacker can use rainbow tables (or plain precomputed lookup tables) to recover the plaintext. A brute-force attack hashes every possible candidate until one matches the stolen hash; a rainbow table moves that work ahead of time, storing precomputed hashes (in practice, compressed chains of them) for a very large set of common and easy-to-guess passwords, so that a stolen hash is recovered by lookup rather than by hashing at attack time. This only works because the same password always produces the same unsalted hash, so one table serves against every user and every site that uses that algorithm.

Exercise Scenario: Hashing an Easy-to-Guess Password. Go to https://passwordsgenerator.net/sha256-hash-generator/. We want to create a SHA-256 hash of the password pass1234. Type "pass1234" in the "Enter your text below" box. Scroll down to "SHA256 Hash of your string" to see the generated hash. Go to https://crackstation.net/. Paste the SHA-256 hash of "pass1234" into the box on this website. Check the reCAPTCHA box and click "Crack Hash". Were you able to crack the hash? Why or why not?

Exercise Scenario: Hashing a Strong Password. Go to https://passwordsgenerator.net/sha256-hash-generator/. Create a SHA-256 hash of the password Crypt_ex3&. Type Crypt_ex3& in the "Enter your text below" box. Scroll down to "SHA256 Hash of your string" to see the generated hash. Go to https://crackstation.net/. Paste the SHA-256 hash of Crypt_ex3& into the box on this website. Check the reCAPTCHA box and click "Crack Hash". Were you able to crack the hash? Why or why not?
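The two scenarios above can be reproduced offline. The following is an added example written for this page, not code from the original slides or from the websites they use: it hashes passwords with unsalted SHA-256 the way the web generator does, stores only the hash, verifies a login, and then plays the cracking site's role with a small precomputed lookup table. The user database and the word list of common passwords are constructed here for the demonstration; the real services hold billions of entries, but the lookup works the same way.

```python
"""Unsalted password hashing and a precomputed lookup attack.

Added example for this page (not the slides' own code).  The 'user database'
and the candidate word list below are constructed for the demonstration.
"""
import hashlib
import hmac


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256 of the UTF-8 password, hex encoded (what the online generator produces)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_password(db: dict, user_id: str, password: str) -> None:
    """Registration: the back end keeps only the hash, never the plaintext."""
    db[user_id] = sha256_hex(password)


def verify_login(db: dict, user_id: str, submitted: str) -> bool:
    """Login: look up the stored hash by user ID, hash the submitted password
    with the same algorithm, and compare the two hashes."""
    stored = db.get(user_id)
    if stored is None:
        return False
    # Constant-time comparison so response timing does not leak how many
    # leading characters of the hash matched.
    return hmac.compare_digest(stored, sha256_hex(submitted))


# Constructed stand-in for a cracking site's precomputed table: a short list of
# common passwords, hashed once ahead of time and indexed by hash.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "pass1234", "letmein", "welcome1"]
LOOKUP_TABLE = {sha256_hex(p): p for p in COMMON_PASSWORDS}


def crack_unsalted(hash_hex: str, table: dict = LOOKUP_TABLE):
    """Return the plaintext if the hash is in the precomputed table, else None.

    No hashing happens at attack time: recovering the password is a single
    dictionary lookup, which is why an unsalted hash of a common password
    falls immediately while a hash of a password absent from the table does not.
    """
    return table.get(hash_hex.lower())


if __name__ == "__main__":
    users = {}
    store_password(users, "alice", "pass1234")     # easy-to-guess, in the table
    store_password(users, "bob", "Crypt_ex3&")     # strong, not in the table
    print(verify_login(users, "alice", "pass1234"))  # True
    print(verify_login(users, "alice", "Pass1234"))  # False
    # An attacker who steals the database tries the table against each hash.
    for uid, h in users.items():
        print(uid, h[:16] + "...", "->", crack_unsalted(h))
```

The lookup succeeds for alice only because her hash is byte-for-byte identical to the table entry for "pass1234"; any per-user randomness in the hash (a salt) would break that equality, which is what the next section is about.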

Background: Salts. Salts provide an additional layer of protection for stored passwords. The issue with unsalted hashes is that if two users choose the same password they get the same hash value, and every stored hash can be attacked with one precomputed rainbow table, making it easy for attackers to crack passwords. A salt is a random string, generated separately for each password, that is combined with the password before it is hashed and then stored alongside the hash so the login check can repeat the computation. Because each salt is different, the same password "hello" hashed with different salts produces different hash values, and a table precomputed for unsalted hashes no longer matches any of them. CrackStation's write-up shows this with worked examples: https://crackstation.net/hashing-security.htm

Exercise: Salting a Message. Argon2, Password-Based Key Derivation Function 2 (PBKDF2), scrypt, and bcrypt are password hashing functions that take a salt as a required input and are deliberately slow (a tunable work factor), so each guess costs the attacker real computation.
1. Go to https://asecuritysite.com/encryption/PBKDF2z. In the "Message (or pass phrase)" box type "pass1234". Click "Generate Hash". Record the "Hash (Hex)" value.
2. Go to https://crackstation.net/. Paste the salted hash of "pass1234" into the box. Check the reCAPTCHA box and click "Crack Hash". What difference do you notice between cracking this password with and without the salt?
3. Go to https://asecuritysite.com/encryption/PBKDF2z. In the "Message (or pass phrase)" box type "Cryp_ex3&". Click "Generate Hash". Record the "Hash (Hex)" value.
4. Go to https://crackstation.net/. Paste the salted hash of "Cryp_ex3&" into the box. Check the reCAPTCHA box and click "Crack Hash". Were you able to crack the hash?
Note that CrackStation's tables are built for unsalted hashes of a fixed set of algorithms, so a salted PBKDF2 output cannot be looked up there at all. That does not make "pass1234" safe: an attacker who obtains the hash together with its salt and PBKDF2 parameters can still run a dictionary attack against it with a tool such as hashcat, paying the full cost of the slow hash for every guess.
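What the PBKDF2 tool in the exercise does under the hood, as an added example for this page (not the slides' or the website's own code): a random per-password salt, an iteration count as the work factor, and a stored record that carries both so the login check can recompute the hash. It also shows the limit the previous paragraph states: the salt makes the same password hash differently for every user and defeats precomputed tables, but a weak password can still be guessed one candidate at a time. The record format, the iteration count and the word list are assumptions made for the demonstration; the iteration count is a demo value, not a recommendation.

```python
"""Salted, slow password hashing with PBKDF2-HMAC-SHA256.

Added example for this page (not the slides' own code).  The record format
'algorithm$iterations$salt_hex$hash_hex' and the word list are constructed
for the demonstration.
"""
import hashlib
import hmac
import os
from typing import List, Optional

ITERATIONS = 100_000   # demo value; production deployments tune this higher
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    The salt is stored in the clear next to the hash; its job is to be
    unique per password, not secret.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)        # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(record: str, submitted: str) -> bool:
    """Recompute PBKDF2 with the salt and iteration count taken from the
    stored record, then compare in constant time."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate.hex(), hash_hex)


def same_password_different_records(password: str) -> bool:
    """Two users who choose the same password get two different stored hashes,
    so a table precomputed for one of them (or for the unsalted hash) misses the other."""
    return hash_password(password) != hash_password(password)


def guess_password(record: str, wordlist: List[str]) -> Optional[str]:
    """What an attacker who stole the record can still do: run each candidate
    through the same PBKDF2 with the record's own salt and parameters.  The
    salt only forces this work to be repeated per record; it does not make a
    weak password strong.  The iteration count is what makes each guess slow."""
    for candidate in wordlist:
        if verify_password(record, candidate):
            return candidate
    return None


if __name__ == "__main__":
    rec = hash_password("pass1234")
    print(rec)
    print(verify_password(rec, "pass1234"))                 # True
    print(same_password_different_records("pass1234"))      # True
    wordlist = ["123456", "password", "pass1234"]            # constructed word list
    print(guess_password(rec, wordlist))                     # pass1234 (weak password still falls)
    print(guess_password(hash_password("Cryp_ex3&"), wordlist))  # None (not in the list)
```

Compare this with the unsalted SHA-256 flow: there, cracking "pass1234" was a single table lookup; here the attacker must spend one full PBKDF2 computation per guess per user, which is exactly the cost the work factor is meant to impose.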

Takeaways. It is important to create strong passwords that are not easy to guess or common. Hashes protect passwords while they are stored: the plaintext is never kept on the back end. Rainbow tables can crack weak and/or easy-to-guess hashed passwords when the hashes are unsalted. Salts defeat rainbow tables and other precomputed attacks, even for weak passwords, because the attacker can no longer reuse one table across all users; they do not stop per-hash guessing, so a weak password stored with a salt and a fast hash is still weak. Store passwords with a salted, deliberately slow password hash such as Argon2, bcrypt, scrypt or PBKDF2, and still choose a strong password.