1. 6fb52297e004844aa81be d50cc3545bc Hashing!

2. Hashing  Group Activity 1:  Take the message you were given, and create your own version of hashing.  You can hash it anyway you want  Try to make an interesting version that you think no other group will be able to guess!  Bring the hashed message up when you finish it for later use

3. Discussion  What do you think hashing is?  Where do you think a good place is to use hashing?

4. Definitions  A hash function is any function that can be used to map digital data of arbitrary size to digital data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. --wikipediafunctiondata  Some of the places hashing is used:  it is used for password storing in OS’s  a table that is used to sort data quickly and be able to retrieve it quickly  verifying if a file is the same when you download it as it was when it was hashed and uploaded

5. Cracking Activity 1  For this activity, we will try to break each encrypted message.  Each group choose a message (other than your own!) and take a little time to try to break it. You can go online and look for online tools to do this if you want since we haven’t gone over how to break hashing yet.  After a little bit of time we will go around the room and see if you got the message, and if you did, tell us. Also, if you did, tell us what type of hashing was used.  For the ones that weren’t broken, we’ll have the groups that made them tell us what the hashing was and what the message was.

6. Cracking Activity 1  List of hashed messages:

7. Definitions 2  What is a cryptographic function?  A cryptographic hash function is a hashing function which is thought to be pretty close to impossible to crack (get the message) when just given the hash value. You can think of it like a one way street. You give it the input and the function produces a hash value, but given the hash value, you can’t figure out the input if you don’t know the hash function (brute force attempts at solving would take way too much time and effort).

8. Definitions 2 cont.  What is a password hashing function?  A password hashing function is a function that takes the input (in this case a password), combines/concatenates it with a salt (which is random data that is randomly generated for each user), then uses a cryptographic hash function to create a hash. The hash is stored in a database with the salt, and when a user inputs a password then the process repeats and the newly created hash is compared with the hash for the original password, and if they match then they can log in.

9. Hashing Example 1  Go to https://samsclass.info/123/proj10/p12-hashcat.htmhttps://samsclass.info/123/proj10/p12-hashcat.htm  We will use this site as a simple example of how to use hashcat to break a hash  Let’s step through this example to see how hashcat on kali works

10. Hashing Example 2  This example we will also walk through how to crack hashes using hashcat.  First go to: https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack- passwords-using-hashcat/https://uwnthesis.wordpress.com/2013/08/07/kali-how-to-crack- passwords-using-hashcat/  Next, work on this with your partner as I step through it with you

11. Definitions 3  First up is MD5.  Has a hash value of size 128 bits, which is usually displayed as a 32 digit hexadecimal value.  Between 2004 and 2008, there were a number of flaws found with the MD5 algorithm, and is no longer used for security purposes (at least in government and corporate applications).  This function uses a block cipher, and goes through a process of 4 rounds with the cipher to create the hash.

12. Definitions 3 cont.  Next up is SHA-1.  has a hash value of 160 bits, which is bigger than MD5 and is displayed as a 40 digit hexadecimal number.  This function was a spiritual successor to MD5, and a lot of applications used it until about 2010.  This function uses a block cipher as well, and goes through a process of 80 rounds with the cipher to create the hash.

13. Definitions 3 cont.  Finally, let’s talk about SHA-2.  This function has 6 versions of itself, with varying lengths: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.  the bit size values are 224, 256, 384, or 512 respectfully.  This function was created by the NSA.  This function has 2 different amounts of rounds as well, 64 or 80 rounds with block ciphers.

14. Group Activity 2  Doing this activity in our groups, let’s do some hash creation and cracking shall we.  First, create 12 hashes using different versions of hash (MD5, sha, etc)  Next, after creating your 12 hashes, make 3 lists with 4 different ones each and give them to the other groups  After each group has taken some hashes, go ahead and split up the hashes among the pairs in each group, and try to crack the hashes.  After we break them, we will go around the room and see what types they were and how hard it was to crack them; if some weren’t cracked, the group that made them will tell us what type of hash function it was made with