Hash algorithms: SHA-1 and MD5
Take coffee grinder as an anology, it is easier to grind coffee beans into coffee powder however it is unfeasible to revert coffee powder back to beans.
Coffee bean is the analogy of your data, the grinder is the hash function and the powder is the product of the hash known as digest or fingerprint.
The hash function provide a similar function as CRC, it is mainly use to authenticate data integrity and to prevent data being changed accidentally while transmitting, hash function does not add in to data security.
The hash function should be a one way function and also should have collision-free feature, this means two messages after hashed will not produce the same digest.
Main application of hash algorithm:
1. Provide proof of integrity of the data such as file checkers example bittorrent uses hash to provide the integrity of the data, the digest of the received data must be the same as the digest of the transmitted data. If the digests are not the same then the transmitted data has been tampered.
2. Provide proof of authenticity when it is used with a symmetric authentication key. That is to proof that the source is authentic.
3. Use for one way and one time responses to challenges in authentication protocols example CHAP used by PPP to authenticate user.
CHAP works like this, both routers have configured a username and a password, both routers will share the SAME password. During the challenge handshake process, the authenticating router will send a MD5 digest (password being hashed) over the PPP link to the authenticator router. The authenticator router will then hash its own password and see if the MD5 digest is the same as the MD5 digest received from the authenticating router, if not the same then the link will be disconnected.
Last time I thought MD5 was an encryption, well now I know, IT’S NOT AN ENCRYPTION IT’S A HASH FORMULA! Encryption can be decrypted and hence it’s reversible, a hash function CANNOT BE REVERSED.
If you want to find out more about PPP – CHAP, read the CCNA study guide chapter 14 WAN written by Todd Lammle. Or you can read http://tools.ietf.org/html/rfc1994 if you have insomnia… lol….
Well here’s an excerpt from RFC1994:
“This authentication method depends upon a “secret” known only to the
authenticator and that peer. The secret is not sent over the link.”
Well the secret is the password shared between the authenticator and the peer, but the password is not sent over the link, only the digest of the password is sent over and since it cannot be reversed it is useless even if it is intercepted by a hacker.
Two types of Hash algorithms are used in present day:
1. MD5, 128-bit long digest
2. SHA-1, 160-bit long digest. Since the hash length is longer it is supposed to be more secure than MD5
Both algorithms were derived from MD4, MD4 has been broken (that’s why…irreversible is only an ideal) hence both algorithms are similar. The development of SHA-1 was because there’s a non-critical flaw found in MD5, however as I have heard until now it is still not proven that the so-call flaw is really a flaw…-_-“.. but.. still anything created by human will have a flaw…
Nowadays MD5 is treated as a secondary choice for hashing and SHA is chosen as the primary choice of hashing, thanks to that finding that there’s a “flaw” in MD5 -_-”
If you have studied for CCNA exam you will come across a command known as “service password-encryption”, this command will encrypt your password using Vignere cipher, and this can be reversed because it is an encryption; figuring out a decryption formula is feasible it is only a matter of time, if you google it you will find there’s a site to crack cisco password; This site actually explains why you should use “enable secret”. The “enable secret” command will hash your enable password with MD5.