Know how MD5 works
Know how SHA works
Hashing algorithms take a variable amount of data and compress it into a fixed length value, which is referred to as a hash value. Hashing provides a fingerprint of the message Strong. hashing algorithms are hard to break and will not produce the same hash value for two or more messages. Hashing is used to provide integrity. It can help verify that information has remained unchanged. Figure 12.5 gives an overview of the hashing process.
Figure 12.5. The hashing process.
Programs such as Tripwire, MD5sum, and Windows System File Verification all rely on hashing. The biggest problem for hashing is collisions. Collisions are when two or more files create the same output. The two most commonly used hashing algorithms are Message Digest Algorithm version 5 (MD5) and Secure Hash Algorithm 1 (SHA-1). Both algorithms are explained here:
- MD5 Creates a fixed 128-bit output. MD5 and the other MD hashing algorithm were created by Ron Rivest. It segments the data in blocks of 512 bits. MD5 digests are widely used for software verification to provide assurance that a downloaded file has not been altered. A user can compare a published MD5sum with one he calculates after downloading. The output of an MD5sum is 32 characters long.
When considering hash values, remember that close does not count! If the hashes being compared differ in any way, even by just a single bit, the data being digested is not the same.
- SHA-1 SHA is similar to MD5. It is considered the successor to MD5 and produces a 160-bit message digest. However, this large message digest is considered less prone to collisions. SHA-1 is part of a family of SHA algorithms, including SHA-0, SHA-1, and SHA-2.
Collisions occur when two message digests produce the same hash value. Attackers can use this vulnerability to make an illegitimate item appear genuine.
As you have seen, hashing is an important way to ensure the validity of a file. In this challenge exercise, you will practice creating and verifying hash values.
- You use the MD5sum program for this challenge, so you will need to download it from www.etree.org/md5com.html. Save the program in the root of the C: drive.
- After the program downloads, you will need a demo file to explore MD5sum's functionality. Therefore, create a text file in the C: drive and name it test.txt. In the test.txt file, create a few lines of text.
- Because MD5sum is a command-line program, you will need to open a command prompt and change to the root of the C: drive. Execute md5sum test.txt. Your results should appear similar to the following 32-bit sum:
C:>md5sum c: est.txt
- Now open the test.txt file and make a single change to the text inside the document. Afterward, rerun md5sum.txt and observe the results. Were they the same? You should have noted a change in the MD5sum output. Just a small change in the input should produce a big change in the resulting hash.
- Finally, change the name of the test.txt file. For example, you could change it to test1.txt. After it has been changed, run MD5sum again. Were there any change in the MD5sum output? You should have noted that the hash did not change from the one shown in step 4. Hashing algorithms don't care about dates and time stamps; they are designed to verify the contents of the file.