THE DFIR BLOG
Menu

Hashing

12/29/2023

0 Comments

 
  • Used to maintain Integrity
  • Hashing is Irreversible - A good analogy to remember this is that you can make orange juice from orange but you cannot make juice from orange.
  • Two Different messages should not produce the same digest message
  • Usually 128 Bit or 160 Bit
  • Algorithm to Remember SHA and MD5​
  • MD5 is vulnerable to many attacks like Collision and Birthday Attacks etc. 
  • SHA-256 is preferred for hashing.

Message Digest 

Used to ensure the authentication and integrity of information and the confidentiality 

Salting

Salting is used in hashing for the randomization 

MAC - Message Authentication Code

Small Block of data that is generated using a secret key and then appended to the message. 

HMAC

HMAC works with any arbitrary hashing algorithm like SHA256 or MD5. If we use it with SHA 256 then it's called HMAC-SHA256. HMAC Is used to achieve integrity 

HMAC Takes Three Input 
1) Message 
2) Hash Function
3) Secret (Symmetric Key)

Steps (Sender and Receiver should agree on Hashing Algorithm and the much have the same Symmetric Key.
1) Sender concatenate the Symmetric key (Secret Key) with the Message.
2) Result goes though an hashing algorithm (MD5 or SHA) and a MAC Value is generated
3) The MAC Value is appended to the message
4) Sender Sends the message (With Appended MAC Value) to the receiver 
​5) Receiver concatenate the Symmetric key with the message 
6) Result goes though an hashing algorithm and a MAC Value is generated

7) if Sender MAC Value matches with Receivers MAC Value - Integrity is achieved 

Here is a nice website for you to test this process:
https://www.freeformatter.com/hmac-generator.html#before-output

​

 

0 Comments



Leave a Reply.

    Subscribe to Newsletter

    Archives

    December 2023

    Categories

    All

    RSS Feed

  • Infosec
  • Mac Forensics
  • Windows Forensics
  • Linux Forensics
  • Memory Forensics
  • Incident Response
  • Blog
  • About Me
  • Infosec
  • Mac Forensics
  • Windows Forensics
  • Linux Forensics
  • Memory Forensics
  • Incident Response
  • Blog
  • About Me