
How to use Hashes to Ensure Integrity

By Chandra Vennapoosa | on November 30, 2011 |
Networking

Introduction

Hashes are widely used within the field of cryptography. A hash function can be thought of as a type of transformation which takes an input and returns a string which is fixed in size. This string is referred to as the hash value.

Topics

  • Introduction
  • Hash Basics
  • Potential Applications for Hash Functions
  • Methods for Hardening Your Operating System
  • Role of Hashes in OS Hardening
  • What Comprises a Good Password?

Hash functions are defined by this property, and they are used for a number of computational purposes, most notably cryptography. The hash value can be thought of as a concise representation of the longer message or document from which it is derived.

The message digest can be thought of as a type of digital fingerprint, one which represents the bigger document. Cryptographic hash functions are used to carry out integrity checks on messages, and they are also used for integrity checks in digital signatures.

This is of great use in numerous security applications, which range from message integrity to authentication. The hash function takes a string of any length as input and creates a string of a specific, fixed length as output.

This output is referred to as the message digest, or the digital fingerprint. The hash value, which is also known as a digest, can be thought of as a signature for a data stream which represents its content.

A good analogy for the hash function is the tamper-evident seal commonly found on physical software packages.

For most standards and applications, the two hash functions which are most commonly accepted are SHA-1 and MD5. Back in 2005, a number of security flaws were found in both of these algorithms.

Hash Basics

By 2007, NIST had announced a contest to design a new hash function, which would be called SHA-3 and which would be subject to the FIPS standard. Generally speaking, a hash function must behave like a random function, but it must still be deterministic, and it should be efficient to compute.

A hash is considered vulnerable if it meets certain criteria. One of these criteria involves finding a message which matches a given digest. Another criterion which designates a hash as vulnerable is when a collision is found, that is, two different messages that produce the identical message digest.

If an attacker can meet any of these criteria, they can substitute their own messages for authorized messages. Theoretically, it should not even be possible to find two messages that have digests which are identical, or even close to identical, and you would not want the attacker to be able to figure out anything useful about the message from its digest.

At the same time, if the attacker gets just a small bit of information, the digest can allow the attacker to notice the message if it should appear a second time. There are also a number of properties which are closely related to hash functions.

The hash function should be preimage resistant, second preimage resistant, and have weak collision resistance. With a hash that is collision resistant, it should be extremely difficult to find two different messages with the same digest. However, there are many hash functions which are susceptible to what are called length extension attacks.

Even the most popular hash functions can be vulnerable to this. With the length extension attack, given h(m) and len(m), but without m, by picking a suitable m', it is possible for an attacker to calculate h(m ‖ m'), where ‖ denotes concatenation.
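The property described above is what makes a tag of the form h(key ‖ message) unsafe for integrity. The following added example (not part of the original article) shows the mechanism on a toy iterated hash; the block size, compression function, key and messages are all constructed for illustration, and `hmac_tag` shows the standard HMAC construction that avoids the problem.

```python
import hashlib
import hmac

BLOCK = 16            # toy block size in bytes (assumption; real hashes use 64 or 128)
IV = b"\x00" * 8      # toy initial chaining value

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: mixes the chaining value with one block."""
    return hashlib.sha256(state + block).digest()[:8]

def md_padding(total_len: int) -> bytes:
    """Iterated-hash padding: 0x80, zero fill, then the 8-byte message length."""
    zeros = (-(total_len + 9)) % BLOCK
    return b"\x80" + b"\x00" * zeros + total_len.to_bytes(8, "big")

def toy_hash(msg: bytes, state: bytes = IV, already_hashed: int = 0) -> bytes:
    """Iterated hash whose digest is simply the final chaining value."""
    data = msg + md_padding(already_hashed + len(msg))
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def prefix_tag(key: bytes, msg: bytes) -> bytes:
    """Unsafe integrity tag: h(key || msg)."""
    return toy_hash(key + msg)

def extend(tag: bytes, known_len: int, suffix: bytes):
    """From h(m) and len(m) alone, compute h(m || glue || suffix)."""
    glue = md_padding(known_len)   # the padding the hash already absorbed
    new_tag = toy_hash(suffix, state=tag, already_hashed=known_len + len(glue))
    return glue + suffix, new_tag

def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """Safe alternative: HMAC's outer hash hides the inner chaining value."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def demo() -> bool:
    key, msg = b"constructed-key!", b"original message"   # constructed samples
    tag = prefix_tag(key, msg)
    appended, forged = extend(tag, len(key) + len(msg), b"appended data")
    # The verifier, who knows the key, accepts the extended message.
    return hmac.compare_digest(forged, prefix_tag(key, msg + appended))
```

Any keyed integrity check should therefore use HMAC rather than hashing a secret followed by the message.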

Potential Applications for Hash Functions

There are a number of potential applications where hash functions can be used. One good example is the verification of message integrity. It is important to determine whether or not modifications have been made to a specific file or message, and this can be accomplished with hash functions by comparing message digests which were calculated before and after transmission, or before and after any other event.

The message digest can also be used to identify a file in a reliable manner. Source code management systems, including Monotone and Mercurial, use digests in this way.

Hash functions are also useful for password verification. Passwords will typically not be stored in cleartext, and the reasons for this should be obvious. Instead, they will generally be stored in digest form. To authenticate the user, the password which is presented by the user is hashed, and then compared with the stored hash.

This is typically referred to as "one way encryption." Many digital signature algorithms specify that only the message digest be signed, rather than the whole message. Hash functions are also typically used to generate pseudorandom bits. The top message digest algorithms that are used today include RIPEMD-160, MD5, and SHA-1.

Methods for Hardening Your Operating System

Many people choose to harden their OS so that they can maintain much higher levels of security. The first step in hardening your OS is to become familiar with the security policies which are related to it.

Whether you are working with Windows, Linux, or Solaris, each OS will have security policies which are distinct from others. At the same time, there are also many things that they all have in common. One of the most important steps in hardening your OS is to develop a strong password policy.

Most of the security which is related to your OS will be heavily dependent on the passwords you choose. To gain an understanding of how to use passwords properly, it is first important to understand the password requirements which are necessary for most operating systems.

Many operating systems, particularly Windows, will not store passwords in clear text. Instead, the passwords will be stored through the use of two distinct password representations, which are referred to as being hashes. This is done to ensure backwards compatibility.

One hash which is common with Windows is the LMHash. Also known as the LAN Manager hash, it is not really a hash, and is computed in a distinct way. The LAN Manager hash is computed by converting the lowercase characters of the password into upper case, padding the password with NULL characters to precisely 14 characters in length, and breaking the password into two pieces of seven characters each. It uses the pieces separately as DES keys to encrypt certain keys. Finally, it concatenates the two ciphertexts into a 128-bit string, and stores the result.

Role of Hashes in OS Hardening

Because of the algorithm which is used to create the LMHash, this hash is pretty easy to crack. Even if the password should be more than eight characters in length, it can simply be attacked in two distinct pieces. In addition to this, the whole lowercase part of the character set can be disregarded.

This basically means that many password cracking tools can begin by simply cracking the LMHashes, and after this, they can vary the case of the alphabetic characters in the cracked password to recover the password which is case sensitive.
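The structural weaknesses described above can be seen without running DES at all. This added example (not from the original article) performs only the preprocessing steps of the LMHash and compares the resulting search space with that of a password hashed as a whole; the restriction to 95 printable ASCII characters and all function names are assumptions of the example.

```python
import string

PRINTABLE = 95                                          # assumption: printable ASCII only
LM_ALPHABET = PRINTABLE - len(string.ascii_lowercase)   # lowercase is folded away

def lm_key_halves(password: str):
    """Return the two 7-byte values that LM uses as separate DES keys."""
    if len(password) > 14:
        # The article describes padding to exactly 14; longer input is out of scope here.
        raise ValueError("LM preprocessing covers at most 14 characters")
    data = password.upper().encode("ascii")    # step 1: fold to upper case
    data = data.ljust(14, b"\x00")             # step 2: NULL-pad to 14 bytes
    return data[:7], data[7:]                  # step 3: two independent halves

def second_half_is_empty(password: str) -> bool:
    """True when the second DES key is all NULLs (password of 7 chars or fewer)."""
    return lm_key_halves(password)[1] == b"\x00" * 7

def candidates(alphabet: int, max_len: int) -> int:
    """Number of strings of length 1..max_len over an alphabet of that size."""
    return sum(alphabet ** n for n in range(1, max_len + 1))

def lm_search_space() -> int:
    """Halves are independent, so the costs add instead of multiplying."""
    return 2 * candidates(LM_ALPHABET, 7)

def full_search_space() -> int:
    """Cost if a case-sensitive password of up to 14 characters were hashed whole."""
    return candidates(PRINTABLE, 14)
```

Under these assumptions the split-and-uppercase design shrinks the worst-case search by more than fourteen orders of magnitude, which is why the length of the password beyond seven characters adds far less protection than it appears to.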

If you are trying to log in to your OS locally or remotely, you may need to use the password which is case preserved. Another type of hash which can be used for further hardening the OS is the NTHash. Known as the Unicode hash, it provides support for the whole Unicode character set.

The NTHash is calculated by taking the plaintext password and creating the MD4 hash from it. Once this is done, the MD4 hash is stored. The NTHash is much better than the LMHash because it can resist brute force attacks to a much higher degree.

If anyone should try to use a brute force attack on an OS that makes use of NTHash, it will take a much longer period of time for the attack to be successful, especially when compared to using such an attack on the LMHash. After the hash, the next important step in hardening your OS is to understand what comprises a good password.

There are a number of guidelines that exist for creating a good password, and understanding these will allow you to make your OS much more resistant to attacks and unauthorized attempts to access it.

What Comprises a Good Password?

The typical password should always be longer than seven characters. If it is not, the second portion of the LMHash will be an encryption which makes use of the NULL password. The password should also contain characters from three of the four primary character sets, which are lowercase characters, uppercase characters, non-alphanumeric characters, and numbers. It is also important to keep in mind that passwords should never use any part of the username, and they should not be made up of common words.

With most operating systems, the complexity of the password will be determined by the password filter. This filter can be extended to form a complete group policy. It is also possible for the administrator to customize the requirements for the password complexity, and this can be accomplished via the customized password filter.

For instance, this filter could enforce that the name of a company or organization never be used in the password. Password filters play an important role in hardening operating systems, but the policies an organization follows are also a very important part of computer/network security.
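The guidelines in this section, including the customized company-name rule, can be expressed as a single check. This is an added example, not code from the original article or from any operating system's password filter; the word list, the banned term and the rule that a "part" of the username is any token of three or more characters are assumptions.

```python
import re
import string

COMMON_WORDS = {"password", "welcome", "letmein", "qwerty"}   # constructed sample list

def character_sets_used(password: str) -> int:
    """Count how many of the four character sets appear in the password."""
    return sum([
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    ])

def check_password(password: str, username: str, banned_terms=()) -> list:
    """Return the names of the violated rules; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if len(password) <= 7:                    # must be longer than seven characters
        problems.append("length")
    if character_sets_used(password) < 3:     # three of the four character sets
        problems.append("complexity")
    # Assumption: a "part" of the username is any token of 3+ characters.
    parts = [t for t in re.split(r"[^a-z0-9]+", username.lower()) if len(t) >= 3]
    if any(part in lowered for part in parts):
        problems.append("username")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("common_word")
    # Custom filter rule, e.g. the organization's own name.
    if any(term.lower() in lowered for term in banned_terms):
        problems.append("banned_term")
    return problems
```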


Author Description

Chandra Vennapoosa

Chandra Vennapoosa, B.S Arch Graduate, Managing Director - Exforsys Inc, Founder of exforsys.com and geekinterview.com. Chandra's mission is "to provide quality career coaching and interview advice for aspiring candidates". She is an avid writer and is also very passionate to help others become professional freelancers. In addition to several online trainings, she has authored the popular book "How to Become a Successful Freelancer"
