Hashing and Digital Certificates
The key concepts are: MD2. MD4. MD5. SHA-1. Salting. Collisions. Murmur and FNV. Bloom Filter. LM Hash. Whirlpool. RIPEMD (RACE Integrity Primitives Evaluation Message Digest). GOST. Tiger. SHA-3. Bcrypt. PBKDF2. OpenSSL Hash passwords. Secret Shares. One Time Passwords. Timed One Time Password (TOTP). Hashed One Time Password (HOTP). HMAC. Time Stamp Protocol.
What should I have learnt?
The following are a few sample questions that will get you thinking in the right areas [paper]:
"We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our networks in late 2014 by what we believe is a state-sponsored actor," Lord wrote. "The account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and, in some cases, encrypted or unencrypted security questions and answers."
Do you think the vast majority of the hashed passwords will be cracked? Do you think they had good practice in place for hashed passwords?