Exercise: Hashing, Password security, And File Integrity


1 Exercise: Hashing, Password security, And File Integrity
Introduction to Cryptography

2 Background Password Security
It is critical to create strong passwords for authentication in computer applications today. When easy-to-guess or common passwords are used, attackers can use hacking techniques to retrieve the password's plaintext. When a password is created, it is stored in a back-end database; the password's hash value is stored instead of its plaintext value.
Encryption vs. Hashing for Password Storage
Encrypted passwords are reversible. If passwords were strongly encrypted and an attacker successfully steals the encrypted passwords, they may figure out the key and reverse the encrypted passwords into plaintext. Hashing is a better option for storing passwords because a strong hashing algorithm is irreversible. If an attacker steals a strongly hashed password, it would be impossible to reverse.

3 Background Hashing Process
When logging into a website with a user ID and password, the back-end database uses the ID to look up the associated hash value. The submitted password is hashed with the hashing algorithm the site uses. If the resulting hash is the same as the one stored on the back-end, the user is authenticated and granted access to the site.
Rainbow Tables
When easy-to-guess or common passwords are hashed, an attacker could use rainbow tables to retrieve the password's plaintext. Rainbow tables make it possible to brute-force hashed messages. A brute force attack attempts every possible combination to retrieve the plaintext of encrypted values. Rainbow tables hold precomputed hash values associated with easy-to-guess or common passwords.

4 Exercise: Scenario Creating Passwords for Easy to Guess Passwords
1. Go to We want to create a SHA-256 hash value for the password pass1234. Type "pass1234" in the "Enter your text below" box. Scroll down to "SHA256 Hash of your string" to see the generated string.
2. Go to Copy the SHA-256 string of "pass1234" into the box on this website. Check the reCAPTCHA box and click "Crack Hash".
3. Were you able to crack the hash? Why or why not?

5 Exercise: Scenario Creating Passwords for Easy to Guess Passwords
1. Go to Create a SHA-256 hash value for the password Crypt_ex3&. Type Crypt_ex3& in the "Enter your text below" box. Scroll down to "SHA256 Hash of your string" to see the generated string.
2. Go to Copy the SHA-256 string of Crypt_ex3& into the box on this website. Check the reCAPTCHA box and click "Crack Hash".
3. Were you able to crack the hash? Why or why not?

6 Background Salts
Salts provide an additional layer of protection for stored passwords. The issue with unsalted hashes is that if two users create the same password, it produces the same hash value, making it easier for attackers to use rainbow tables to ______ passwords. Salts are random strings added to the password before it is hashed. The following image is an example of how the password "hello" produces different hash values when it is salted:

7 Exercise Salting a Message
Argon2, Password-Based Key Derivation Function 2 (PBKDF2), Scrypt, and Bcrypt are password hashing technologies that have salts built in.
1. Go to In the "Message (or pass phrase)" box, type "pass1234". Click "Generate Hash". Record the "Hash (Hex)" value.
2. Go to Copy the salted hash of "pass1234" into the box. Check the ________ and click "Crack Hash". What difference do you notice from when you tried to crack this password without the salt?
3. Go to In the "Message (or pass phrase)" box, type "Cryp_ex3&". Click "Generate Hash". Record the "Hash (Hex)" value.
4. Go to Copy the salted hash of "Cryp_ex3&" into the box. Check the ________ and click "Crack Hash". Were you able to crack the hash?
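As an added example that is not part of the slides, the following Python script reproduces what slides 4 through 7 demonstrate: an unsalted SHA-256 hash is looked up in a small constructed table of precomputed common-password hashes (a stand-in for a rainbow table), then the same password is hashed with PBKDF2-HMAC-SHA256 and a random salt, so the lookup no longer works and two users with the same password get different stored values. The common-password list, the 16-byte salt length and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for a rainbow table: precomputed SHA-256 digests of a few
# common passwords, keyed by digest so a leaked hash can be looked up directly.
COMMON_PASSWORDS = ["123456", "password", "pass1234", "qwerty", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_hash(password: str) -> str:
    """Slides 4 and 5: plain SHA-256 of the password, no salt (hex string)."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup(digest_hex: str) -> Optional[str]:
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return PRECOMPUTED.get(digest_hex)


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 100_000) -> Tuple[bytes, bytes]:
    """Slide 7: PBKDF2-HMAC-SHA256 with a random 16-byte salt (assumed sizes).

    A fresh salt is drawn per password unless one is supplied for verification,
    so identical passwords from two users yield different stored digests.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    weak, strong = "pass1234", "Crypt_ex3&"
    print("unsalted pass1234 found in table:", lookup(unsalted_hash(weak)))
    print("unsalted Crypt_ex3& found in table:", lookup(unsalted_hash(strong)))
    salt_a, digest_a = salted_hash(weak)
    salt_b, digest_b = salted_hash(weak)
    print("same password, different salted digests:", digest_a != digest_b)
    print("salted pass1234 found in table:", lookup(digest_a.hex()))
    print("login with correct password:", verify(weak, salt_a, digest_a))
```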

8 Takeaways
It is important to create strong passwords that are not easy-to-guess or common.
Hashes protect passwords while they are stored.
Rainbow tables can _________ weak and/or easy-to-guess hashed passwords.
Salts can protect even weak passwords from brute force attacks using rainbow tables.

