KEMBAR78
2 Crypto - Basics | PDF | Cyberwarfare | Security
Scribd
Upload
14 views10 pages

2 Crypto - Basics

This document discusses the importance of hashing in cybersecurity, highlighting its use in password authentication, blockchain technology, and digital certificates. It provides practical steps for using hashing tools in Kali Linux, including generating hashes with various algorithms and identifying hash types with tools like hash-identifier. The tutorial emphasizes the role of hashing in ensuring data integrity and assists users in utilizing hashing tools effectively.

Uploaded by

srisevitha.narahari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
14 views10 pages

2 Crypto - Basics

This document discusses the importance of hashing in cybersecurity, highlighting its use in password authentication, blockchain technology, and digital certificates. It provides practical steps for using hashing tools in Kali Linux, including generating hashes with various algorithms and identifying hash types with tools like hash-identifier. The tutorial emphasizes the role of hashing in ensuring data integrity and assists users in utilizing hashing tools effectively.

Uploaded by

srisevitha.narahari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Cryptography Basics for Hackers, Part 2: Hashes and Hashing

otw

Feb 4, 20213 min read

Updated: Dec 29, 2022

Welcome back, my aspiring cyberwarriors!

In the first part of this series, Cryptography Basics for Hackers, we


reviewed each of the many types of encryption. One of those types is
hashing or one-way encryption. Hashing is used throughout cybersecurity
to ensure integrity for such things as software downloads, passwords, and
digital certificates. In digital forensics, hashing is used to ensure the
integrity of image captures of storage devices such as hard drives and
flash drives.

In addition, the Bitcoin blockchain utilizes SHA256 hashes as block


identifiers. Network protocols use checksums (another name for hashes)
to make certain the data has not been altered or corrupted, in other
words, to check integrity. An X509 digital certificate includes a hash value
known as the fingerprint, which can facilitate certificate verification. These
are just a few of the multitude of ways that hashes are used in
cybersecurity today.
In Cryptography Basics for Hackers, Part 1, we introduced you to hashing
concepts. In this tutorial, we will focus on hashes and hashing from a
practical aspect in our Kali Linux.

Step #1: Fire Up Kali Linux

The first step, of course, is to fire up Kali and open a terminal.

Step #2 Linux Hashing Tools

Nearly every distribution of Linux has hashing tools and, as you would
expect, Kali Linux is no exception. We can test these hashing tools by
generating a random bit of text and running it through some of the most
common hashing algorithms such as MD5, SHA1, SHA256 and SHA512.

Let's try a short and tautological statement to test each of these hashing
tools such as "Hackers-Arise is THE Best place to learn cybersecurity." We
can use the echo command followed by this statement and then pipe it to
the hashing command such as;

kali > echo -n "Hackers-Arise is the Best to learn cybersecurity"|


md5sum

As you can see above in the second line, the system responds with the
MD5 message digest (MD). We can do the same for SHA1, SHA256, and
SHA512.

If you prefer a GUI tool for creating hashes, consider gtkhash. You can get
it from the Kali repository.

kali > sudo apt install gtkhash

To start gtkhash, simply enter;


kali > sudo gtkhash

Note that by default, this tool includes MD5, SHA1, SHA256 and CRC32
hashing algorithms. If you need other hashing algorithms, click on Edit tab
and then click Preferences. This will open a menu like that below.
To use any other hash algorithms, simply click the radio button next to the
algorithm and the initial window will re-populate with the new algorithms.
Step #3: Hash identifier

When trying to crack hashes with tools such as hashcat and others, the
first step is to identify the type of hash. Obviously, the hash cracking tool
needs to know what hashing algorithm to use before cracking it. Some
tools, such as John the Ripper, have hash auto detection which is VERY
useful, but unfortunately it is not always accurate. hashcat requires that
you input the type of hashing algorithm before cracking a hash. When we
run the hashcat help screen, we can see hundreds of hashing algorithms
listed.
Luckily, if we don't know which hashing algorithm created the hash, we
have a tool built into our Kali Linux that can help us identify the it called
hash-identifier. This tool can reliably estimate the hashing algorithm that
created the hash by the patterns of the message digest.

To use it, we simply need to enter the command followed by the hash (our
MD5 hash from our text from above) such as;

kali > hash-identifier 3f97dc48855067a56095837187099998


As you can see, hash-identifier was able to identify this hash as MD5!
Correct!

To identify another hash, we simply enter it as the HASH: prompt at the


bottom of the screen. In this case, we enter the second (SHA1) hash of our
text.

Voila! It identified it as SHA-1! What a great tool!


It also lists the numerous hashes that it is least likely to be.

Let's try the SHA-256 hash and the SHA-512 hashes of our text.

As you can see above, hash-identifier correctly estimated that this hash
was SHA-256 or HAVAL-256.

Hash-identifier estimated that our hash of our text generated by the SHA-
512 algorithm is either SHA-512 or Whirlpool! This is a great tool!

Summary

Hashing is one-way encryption that is used throughout cybersecurity to


ensure integrity in such systems as password authentication, the
blockchain, and digital certificates. When trying to use tools such as
hashcat to break this encryption of passwords, the first step is to identify
the hash algorithm. Tools such as hash-identify are excellent for
identifying the hash algorithm by detecting the pattern of the message
digest (hash).

You might also like