## Hashing[Home] This page outlines a wide range of methods used in encryption.
## Hashing## Hash functionsThe following are the tips related to hashing: **MD5 and SHA-1**. Hash. MD5 and SHA-1 methods produce a hash signature, and are the two of the most widely used methods. The MD5 algorithm has been shown to have weaknesses, and a collision of message hashes has been shown to occur in less than one day. An MD5 signature has 128 bits, an SHA-1 signature has 160 bits, and an SHA-256 signature has 256 bits.**MD5 Cracking**. Hash Cracker. MD5 has a 128-bit signature and can be cracked using rainbow tables. This page tries to crack the MD5 signature.**MD5 and SHA-1 (to Base-64)**Hash. MD5 and SHA-1 produces a hash signature, and the output is typically shown in a hex format or a Base-64. In this example the output is converted into a**Base-64**format.**MD5 and SHA-1 (to Base-64) with salt**Salt. It is possible to add salt to the MD5 algorithm, to mix it up a little.**MD2 and MD4**MD2/4. The MD2 and MD4 hashing functions were developed by Prof Ronald Rivest in 1989 and 1990, respectively. They both produce a 128-bit hash, but have been shown be vulnerable to attack (see the Collision section in the page).**Murmur and FNV**Murmur and FNV. While hashing methods such as MD5 and SHA-1 use crypto methods, the Murmur and FNV hashes uses a non-cryptographic hash function. This can be used for general hash-based lookup and was designed by Austin Appleby. It has good performance compared with other hashing methods.**Bloom Filter**Bloom filter. A Bloom filter goes a probabilistic method of determining if an element is in a data structure, using indexed hashing methods.**LM Hash**. LM Hash. This is an LM Hash Calculator. LM Hash is used in many versions of Windows to store user passwords that are fewer than 15 characters long.**APR1**. APR1. This produces an APR1 hash signature for a password.**phpass**. phpass. This produces a phpass hash signature for a password.**LDAP**. LDAP. This produces a LDAP hash signature for a password.**Chaffing**. Chaffing. This produces a keyless system.**Peason**. Pearson. This uses a non-crypto hash.**Whirlpool**. Whirlpool. Whirlpool is a 512-bit cryptographic hash function and was created by Vincent Rijmen (one of the AES creators) and Paulo Barreto, in 2000.**RIPEMD (RACE Integrity Primitives Evaluation Message Digest) and GOST**. RIPEM160. RIPEMD is a 128-bit, 160-bit, 256-bit or 320-bit cryptographic hash function, and was created by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. It is used on TrueCrypt and is open source. The 160-bit version is seen as an alternative to SHA-1, and is part of ISO/IEC 10118**Tiger**. Tiger. Tiger is a 192-bit hash function and was designed by Ross Anderson and Eli Biham in 1995. It is often used by clients within Gnutella file-sharing networks and does not suffer from known attacks on MD5 and SHA-0/SHA-1. Tiger2 is an addition, in which the message is padded with a byte of 0x80 (in a similar way to MD4, MD5, and SHA), whereas in Tiger it is 0x01. Otherwise, the two methods are the same in their operation.**WPA-2 hash**. WPA-2 hash. Implements SHA-2 hash.**Hash benchmark**. Benchmark. Benchmarks some hashing methods.**Hash values**. Hashes. Outlines hash method.**Open SSL Hash passwords**. Open SSL Passwords. This creates a hash value which has salt using a range of methods.**Detecting hash types**. Hash type. This detects has values.**Balls in bins**. BiBa. This implemented balls in bins.**Splunk hashed passwords (SHA512crypt)**. Splunk. This implemented SHA512crypt, as used in Splunk.
## Similarity hashesThe following are the tips related to similarity hashing: **Similarity hash (Charikar similarity)**Charikar similarity. The Charikar similarity is used to find similarities between strings, files and metadata.**Similarity hash (Nilsimsa similarity)**Nilsimsa. The Nilsimsa similarity is used to find similarities between spam emails.**Minhash (Jaccard similarity)**Jaccard similarity. The Minhash method is used to find similarities between strings, files and metadata.**String enthropy**String enthropy. Measurement of the entropy of strings.
## SHA-3 contendersThe following are the tips related to Key derivation hashing: **SHA-3**. SHA-3. SHA-3 was known as Keccak and is a hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. MD5 and SHA-0 have been shown to be susceptible to attacks, along with theoretical attacks on SHA-1. NIST thus defined there was a need for a new hashing method which did not use the existing methods for hashing, and setup a competition for competing algorithms. In October 2012, Keccak won the NIST hash function competition and is proposed as the SHA-3 standard. It should be noted that it is not replacement SHA-2, which is currently a secure method. Overall Keccak uses the sponge construction where the message blocks are XORed into the initial bits of the state, and then inevitably permuted.**SHA-3, Keccak and SHAKE**. SHA-3. Implements SHA-3, Keccak and SHAKE (SHA-3 winner).**Blake and Blake 2**. Blake. Implements Blake and Blake 2 (SHA-3 contender).**Skein**. Skein. Implements Skein (SHA-3 contender).**Grøstl**. Grøstl. Implements Grøstl (SHA-3 contender).-
**KangarooTwelve**. KangarooTwelve. Implements KangarooTwelve (SHA-3 contender). **SHAKE**. SHAKE. Implements SHAKE and which is an Extendable Output Function (XOF).
## Key derivation hashingThe following are the tips related to Key derivation hashing: **Bcrypt**. Bcrypt. This creates a hash value which has salt.**PBKDF2**. PBKDF2. The PBKDF2 method created a salted hashed value, and which is used to generate the main key for TrueCrypt.**PBKDF2 (Part 2)**. PBKDF2. The PBKDF2 method created a salted hashed value, and which is used to generate the main key for TrueCrypt.**Scrypt**. Scrypt. The Scrypt method created a salted hashed value using iterations and salting.**Argon2**. Go. Outline of Argon2.**Balloon**. Go. Outline of Balloon.**HKDF**. Go. Outline of HKDF (HMAC Key Derivation Function).**Double ratchet**. Go. Outline of double ratcheting.**SPAKE2**. Go. Outline of SPAKE2.
## Non-crypto/fast hashingThe following are the tips related to non-crypto hashing: **xxHash**. xxHash. xxHash is one of the fastest hashing methods.**FNV**. FNV. FNV is one of the fastest hashing methods.**Murmur**. Murmur. Murmur is one of the fastest hashing methods.**Spooky**. Spooky. Spooky is a fast hashing method.**Siphash**. Siphash. Siphash is a fast hashing method.**A perfect hash**Perfect hash. This is a non-crypto hash which optimizes the hash value.
## One Time Passwords/Time StampsThe following are the tips related to hashing: **One Time Passwords**. One Time. This allows a new unique password to be created each instance, based on an initial seed.**Timed One Time Password (TOTP)**. Timed One Time Password. This allows a new unique passcode to be created each instance, based on an initial seed for a given time window. We will use a five second window in this case, where a new passcode is generated every five seconds, based on an initial seed of a pass phrase.**Hashed One Time Password (HOTP)**. Hashed One Time Password. This allows a new unique passcode to be created each instance, based on a counter value and an initial seed.**Time Stamp Protocol**. TSP. This creates a time stamp for data.**HOTP and TOTP (Python)**. OTP. This creates hashed passwords.
## Message authentication codes (MACs)**OMA Digest**OMA. Open Mobile Alliance Device Management (OMA DM)**MAC Triple-DES**. MAC3DES. MACs can be used to authenticate a message, as a key is required to determine the hash value. With this the sender computes the hash with a secret key and sends to the receiver, where the receiver then calculates the hash of the message, and uses the secret key. If the hash received is the same as the computed one, the message has not been tampered with. The key size can be 8, 16 or 24 bytes. In this case, 24 bytes are used, and produces a hash of 8 bytes (64 bits), using the TripleDES encryption method.-
**HMAC**. HMAC. HMAC is a message authentication code (MAC) and can be used to verify the integrity and authentication of a message. It involves hashing a message with a secret key. As with any MAC, it can be used with a standard hash function, such as MD5 or SHA-1, which results in methods such as HMAC-MD5 or HMAC-SHA-1. As with any hashing function, the strength depends on the quality of the hashing function, and the resulting number of code bits. Along with this the number of bits in the secret key is a factor. **HMAC (Python)**. HMAC. HMAC is a message authentication code (MAC).
## PresentationThe following is an outline presentation on encryption: |