0% found this document useful (0 votes)
9 views14 pages

Chapter 5 Hashing

Chapter Five discusses hashing, a process of transforming data into fixed-length values for efficient data retrieval and security. It covers hash functions, guidelines for effective hashing, characteristics of good hash algorithms, and common algorithms like MD5, SHA-1, and bcrypt. The chapter also highlights the application of hashing in data integrity, password storage, digital signatures, and digital forensics.

Uploaded by

Liyat Tesfaye
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
9 views14 pages

Chapter 5 Hashing

Chapter Five discusses hashing, a process of transforming data into fixed-length values for efficient data retrieval and security. It covers hash functions, guidelines for effective hashing, characteristics of good hash algorithms, and common algorithms like MD5, SHA-1, and bcrypt. The chapter also highlights the application of hashing in data integrity, password storage, digital signatures, and digital forensics.

Uploaded by

Liyat Tesfaye
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

COMPUTER CRIME & DIGITAL

FORENSIC
CHAPTER FIVE: HASHING

INSTRUCTOR : SAMUEL TAMIRAT


PhD candidate
MAIN POINT

• Hashing
• Hash Function
• Hashing Guideline
• Salting and Peppering
• Hashing characteristics
• Common Hashing algorithms
HASHING

• Hashing is the process of transforming any given key or a string


of characters into another value.
• This is usually represented by a shorter, fixed-length value or key
that represents and makes it easier to find or employ the original
string.
• The most popular use for hashing is the implementation of hash
tables.
• A hash table stores key and value pairs in a list that is accessible
through its index. Because key and value pairs are unlimited, the
hash function will map the keys to the table size. A hash value then
becomes the index for a specific element.
HASH FUNCTION

• A hash function generates new values according to a


mathematical hashing algorithm known as a hash value
or simply a hash.
• To prevent the conversion of hash back into the
original key, a good hash always uses a one-way hashing
algorithm.
• Hashing is relevant to but not limited to data indexing
and retrieval, digital signatures, cybersecurity and
cryptography.
HASHING GUIDELINE

• Hash function should be able to hash in mass with a reasonable limit to prevent
exploitation.
• Hash digest must be dependent on each bit. This will help In creating as many unique
hashes as possible.
• Prevent hash collision. (Collison occurs when there are two exactly same hash
values/digests.
• Salting & Peppering can help prevent collisions.
SALTING
PEPPERING
HASHING CHARACTERISTICS

• Fixed Output Size:


• Regardless of the input size, a hash function produces a fixed-size output. For example, the
SHA-256 algorithm generates a 256-bit hash value.
• Deterministic:
• The same input will always produce the same hash output. This deterministic nature is
essential for consistency and verification purposes.
• Quick Computation:
• Hash functions are designed to be computationally efficient. They should produce the hash
value quickly, even for large inputs.
HASHING CHARACTERISTICS (CONT.…)

• Avalanche Effect:
• A small change in the input should result in a significantly different hash value. This property
ensures that similar inputs do not produce similar hash codes.
• Pre-image Resistance:
• It should be computationally infeasible to reverse the hash function and obtain the original
input from its hash value.
• Collision Resistance:
• Collisions occur when two different inputs produce the same hash value. A good hash
function minimizes the likelihood of collisions.
COMMON HASHING ALGORITHMS

• MD5 (Message Digest Algorithm 5):


• MD5 produces a 128-bit hash value. However, due to vulnerabilities, it is no longer considered secure for cryptographic
purposes.

• SHA-1 (Secure Hash Algorithm 1):


• SHA-1 produces a 160-bit hash value. Like MD5, SHA-1 is considered insecure due to vulnerabilities, and its use is deprecated.

• SHA-256, SHA-384, SHA-512:


• Part of the SHA-2 family, these algorithms produce hash values of 256, 384, and 512 bits, respectively. They are widely used for
cryptographic purposes.

• bcrypt:
• bcrypt is a key derivation function designed for securely hashing passwords. It includes a cost factor that adjusts the
computational effort required, making it resistant to brute-force attacks.

• Argon2:
• Argon2 is a password hashing algorithm that won the Password Hashing Competition in 2015. It is designed to be memory-hard
and resistant to GPU and ASIC attacks.
HASHING APPLICATION

• Data Integrity:
• Hashing is used to verify the integrity of data during transmission. If the hash value of the received data matches the
expected hash value, the data is likely intact.

• Password Storage:
• Hash functions are employed to securely store passwords. Instead of storing plaintext passwords, systems store the
hash values. During authentication, the entered password's hash is compared with the stored hash.

• Digital Signatures:
• Hashing is used in digital signatures to create a fixed-size representation of a message that is then encrypted with the
sender's private key. The recipient can verify the signature using the sender's public key.

• Blockchain Technology:
• Blockchain relies heavily on hashing for creating secure and tamper-resistant links between blocks. Each block contains a
hash of the previous block, forming a chain.
HASHING FOR DIGITAL FORENSIC

• File hashing is the act of attempting to uniquely identify a file.


• Different hash algorithms can be used for this purpose, but some are weaker than others and are
more likely to have collisions. Some common algorithms are provided.

• Once a file has been hashed, it can be compared with other file hashes.
• A common technique in incident response is to search for a file’s hash value on Google and
determine if the file’s been seen before, and if so what its purpose is.
HASHING FOR DIGITAL FORENSIC
(CONT.…)
• Another technique used in contraband cases is to match a file’s hash value with that of
known contraband images to determine if the file had been seen before.
• In the case of trying to determine if a file is child sexually abusive material, identifying a
file by hash value can help law enforcement prove the images are of a known victim.
• File hashing can also be used to whitelist files based on their signature.
• The white listing process can result in data reduction in a case by removing legitimate
files from a timeline. Doing so runs the risk of removing data from the analyst’s view
because attackers may use legitimate Windows file stopper form their tasks.
SHA1,MD5 HASHING ALGORITHMS

You might also like