Password Hashes - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Password Hashes

  1. #11
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    It's not an encrypted result. An encrypted result would be a cipher text (the plaintext encrypted). It's a form of integrity check, if you will. Basically, verifies that the information hasn't changed and if it has, then the input is suspect. It's just a mathematical result of some data being put through an algorithm.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #12
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351
    if its the mathematic result of terms going through an algorithm...then is it not the encryption result?

    whether is LM, MD5, or SHA1...they all come out as (theoretically) one way encryption, correct?

    the hashes are the result of the encryption algorithm..and in order to check the password, or the integrity of the file...information is encrypted and compared to the hash...if they differ, then the file's changed, or the password's wrong.

    if im wrong with what i said above, please explain how, because this is how it works AFAIK

    A_T
    Geek isn't just a four-letter word; it's a six-figure income.

  3. #13
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    encryption and hashing

    This is now a discussion about definitions.
    So let me give you some definitions (based on my taste):

    (two-way) encryption: 3DES,CAST5,AESxxx (="two-way" cipher)

    first way - encryption: generates from plaintext a ciphertext
    second way - decryption: generates from ciphertext a plaintext

    Note: there is only one ciphertext for a given plaintext, and for
    a given ciphertext, there is only one plaintext. ("well-defined cipher").


    (one-way) hash (misleadingly often called one-way encryption): MD5, SHA1, SecWare1

    the only way - "hashing": generates a "ciphertext"=hash from a "plaintext"

    Note: there can be several "plaintexts" for one "ciphertext"=hash ("collisions"),
    but there is only one "ciphertext"=hash for a given "plaintext".

    Another note: CISSP's learn ( ) that hashing does not encrypt the message.
    It creates a "fingerprint" to enable the testing of integrity. (Hm, I have just
    realised that I am paraphrasing MsMittens. Sorry about that).


    a very simple example of "hashing": SecWare1

    "plaintext": myverylongtesttext

    SecWare1 hashing - scheme:
    - translate every letter into its ascii value
    - add all these values. result: 1453
    - take the sum of the digits, until a number between 0 and 9 is reached:

    1+4+5+3 = 13 -> 1+3 = 4

    the SecWare1 hash of "myverylongtesttext" = 4

    collision:
    the SecWare1 hash of "L " = in ascii 76. Sum: -> 7+6 = 13 -> 1+3 = 4

    ergo: "myverylongtesttext" and "L" give the same hash-value. If a password-
    verification is based on this hash, you could login with either
    "myverylongtesttext" or "L".

    Conclusion: This hash is very bad, but actually is used in a slightly modified
    version (ISBN numbers of books. Some of you might have noted that I have
    cheated here. ISBN is not actually a "one-way" hash, I think, because an attacker
    can modify the message as well as the hash. But here I should stop, as it
    goes too far).



    Cheers
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  4. #14
    Member
    Join Date
    Oct 2004
    Posts
    45
    if the hashes are the results of the encryption algorithms, then how can we get the hashes of a password ???
    [gloworange][shadow]www.geocities.com/dia_byte0 [/shadow] [/gloworange]

    No To 1559 !

    Signature image is too tall!

  5. #15
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351
    to get the hash of a password, you pass it through the hashing algorithm. the result is the hash (usually unencryptable). when someone logs on to the system, whatever they type in is passed through the algorithm, and that result is compared with the original one.

    A_T
    Geek isn't just a four-letter word; it's a six-figure income.

  6. #16
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    When I think about hash I often see it like kind of CRC, or ParityCheck with much larger numbers and math operations. Ofcourse it is very very very simplified view.
    Ikalo
    ------
    Make your knowledge your deadliest weapon.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •