## Hashing[Home] This page outlines a wide range of methods used in encryption.
## Hash functionsThe following are the tips related to hashing: **MD5 and SHA-1**. Hash. MD5 and SHA-1 methods produces a hash signature, and are the two of the most widely used methods. The MD5 algorithm has been show to have weaknesses, and a collision of message hashes has been shown to occur in less than one day. An MD5 signature has 128 bits, an SHA-1 signature has 160 bits, and an SHA-256 signature has 256 bits.**MD5 Cracking**. Hash Cracker. MD5 has a 128-bit signature, and can be cracked using rainbow tables. This page tries to crack the MD5 signature.**MD5 and SHA-1 (to Base-64)**Hash. MD5 and SHA-1 produces a hash signature, and the output is typically show in a hex format or a Base-64. In this example the output is converted into a**Base-64**format.**MD5 and SHA-1 (to Base-64) with salt**Salt. It is possible to add salt to the MD5 algorithm, to mix it up a little.**MD2 and MD4**MD2/4. The MD2 and MD4 hashing functions were developed by Prof Ronald Rivest in 1989 and 1990, respectively. They both produce a 128-bit hash, but have been shown be vunerable to attack (see the Collision section in the page).**Murmur and FNV**Murmur and FNV. While hashing methods such as MD5 and SHA-1 use cryto methods, the Murmurand FNV hashes uses a non-cryptographic hash function. This can be used for general hash-based lookup, and was designed by Austin Appleby. It has a good performance compared with other hashing methods.**Bloom Filter**Bloom filter. A Bloom filter goes a probabilistic method of determining if an element is in a data structure, using indexed hashing methods.**LM Hash**. LM Hash. This is an LM Hash Calculator. LM Hash is used in many version of Windows to store user passwords that are fewer than 15 characters long.**APR1**. APR1. This produces an APR1 hash signature for a password.**phpass**. phpass. This produces an phpass hash signature for a password.**LDAP**. LDAP. This produces a LDAP hash signature for a password.**Chaffing**. Chaffing. This produces a keyless system.**Peason**. Pearson. This uses a non-crypto hash.**Whirlpool**. Whirlpool. Whirlpool is a 512-bit cryptographic hash function, and was created by Vincent Rijmen (one of the AES creators) and Paulo Barreto, in 2000.**RIPEMD (RACE Integrity Primitives Evaluation Message Digest) and GOST**. RIPEM160. RIPEMD is a 128-bit, 160-bit, 256-bit or 320-bit cryptographic hash function, and was created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. It is used on TrueCrypt, and is open source. The 160-bit version is seen as an alternative to SHA-1, and is part of ISO/IEC 10118**Tiger**. Tiger. Tiger is a 192-bit hash function, and was designed by Ross Anderson and Eli Biham in 1995. It is often used by clients within Gnutella file sharing networks, and does not suffer from known attacks on MD5 and SHA-0/SHA-1. Tiger2 is an addition, in which the message is padded with a byte of 0x80 (in a similar way to MD4, MD5 and SHA), whereas in Tiger it is 0x01. Otherwise the two methods are the same in their operation.**SHA-3**. SHA-3. SHA-3 was known as Keccak and is a hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. MD5 and SHA-0 have been shown to be susceptible to attacks, along with theoretical attacks on SHA-1. NIST thus defined there was a need for a new hashing method which did not use the existing methods for hashing, and setup a competition for competing algorithms. In October 2012, Keccak won the NIST hash function competition, and is proposed as the SHA-3 standard. It should be noted that it is not replacement SHA-2, which is currently a secure methods. Overall Keccak uses the sponge construction where the message blocks are XORed into the initial bits of the state, and then invertibly permuted.**Bcrypt**. Bcrypt. This creates a hash value which has salt.**PBKDF2**. PBKDF2. The PBKDF2 method created a salted hashed value, and which is used to generate the main key for TrueCrypt.**PBKDF2 (Part 2)**. PBKDF2. The PBKDF2 method created a salted hashed value, and which is used to generate the main key for TrueCrypt.**SHA-3, Keccak and SHAKE**. SHA-3. Implements SHA-3, Keccak and SHAKE (SHA-3 winner).**Blake and Blake 2**. Blake. Implements Blake and Blake 2 (SHA-3 contender).**Skein**. Skein. Implements Skein (SHA-3 contender).**Grøstl**. Grøstl. Implements Grøstl (SHA-3 contender).**Hash benchmark**. Benchmark. Benchmarks some hashing methods.**Hash values**. Hashes. Outlines hash method.**Open SSL Hash passwords**. Open SSL Passwords. This creates a hash value which has salt using a range of methods.
## Non-crypto hashingThe following are the tips related to non-crypto hashing: **xxHash**. xxHash. xxHash is one of the fastest hashing methods.**FNV**. FNV. FNV is one of the fastest hashing methods.**Murmur**. Murmur. Murmur is one of the fastest hashing methods.**Spooky**. Spooky. Spooky is a fast hashing method.
## Password generation**Open SSL Hash passwords**. Open SSL Passwords. This creates a hash value which has salt using a range of methods.**Hash (JavaScript)**. Hash. Hashing using JavaScript**Password generation/hashing (Javascript)**. Hashing. Password generation/hashing using JavaScript
## One Time Passwords/Time StampsThe following are the tips related to hashing: **One Time Passwords**. One Time. This allows a new unique password to be created each instance, based on an initial seed.**Timed One Time Password (TOTP)**. Timed One Time Password. This allows a new unique passcode to be created each instance, based on an initial seed for a given time window. We will use a five second window in this case, where a new passcode is generated every five seconds, based on an initial seed of a pass phrase.**Hashed One Time Password (HOTP)**. Hashed One Time Password. This allows a new unique passcode to be created each instance, based on a counter value and an initial seed.**Time Stamp Protocol**. TSP. This creates a time stamp for data.**HOTP and TOTP (Python)**. OTP. This creates hashed passwords.
## Message authentication codes (MACs)**OMA Digest**OMA. Open Mobile Alliance Device Management (OMA DM)**MAC Triple-DES**. MAC3DES. MACs can be used to authenticate a message, as a key is required to determine the hash value. With this the sender computes the hash with a secret key, and sends to the receiver, where the receive then calculates the hash of the message, and uses the secret key. If the hash received is the same as the computed one, the message has not been tampered with. The key size can be 8, 16 or 24 bytes. In this case, 24 bytes are used, and produces a hash of 8 bytes (64 bits), using the TripleDES encryption method.**HMAC**. HMAC. HMAC is a message authentication code (MAC) and can be used to verify the integrity and authentication of a message. It involves hashing a message with a secret key. As with any MAC, it can be used with standard hash function, such as MD5 or SHA-1, which results in methods such as HMAC-MD5 or HMAC-SHA-1. As with any hashing function, the strength depends on the quality of the hashing function, and the resulting number of code bits. Along with this the number of bits in the secret key is a factor.**HMAC (Python)**. HMAC. HMAC is a message authentication code (MAC).
## PresentationThe following is an outline presentation on encryption: |