Friday, August 27, 2010

Hands-On Project 11-1 (Page 394)


Objective ad Verbatim:

“In this project, you will download different hash generators to compare hash values.” (Ciampa, 2009)

Process:

1. I pointed my browser (Firefox) to md5deep.sourceforge.net to download MD5Deep, a utility program to generate the hash from a file.


2. After the download completed, I extracted the contents of the zip file to my desktop.


3. Next, I opened up my Word processor, typed in the sentence, “Now is the time for all good men to come to the aid of the country.” and saved the file as country1.docx.


4. I saved the sentence, “Now is the time for all good men to come to the aid of the country” (without the period), as country2.docx.


5. Tabbing to the desktop, I navigated to the MD5Deep folder.


6. Now, opening a command prompt and navigating to the MD5Deep folder, I generated the MD5 hash of the md5deep.txt file {md5deep md5deep.txt}. The program outputted the MD5 hash in the next line.


7. Next, I used MD5Deep to generate the MD5 hashes of country1.docx and country2.docx to compare the differences between the two document files with slightly different contents { md5deep country1.docx country2.docx}.


8. Continuing on my bid to explore and compare the strengths and weaknesses of different hashing algorithms, I used SHA1 to generate hashes of country1.docx and country2.docx {sha1deep country1.docx country2.docx}.

 
9. Next, I used SHA256 to hash the two document files {sha256deep country1.docx country2.docx}.

10. Finally, I tested out the Whirlpool algorithm. It generated a considerably longer hash than the other algorithms tested {whirlpooldeep country1.docx country2.docx}.


Reflection:

It is necessary to clarify that the underlying premise of hashing is to maintain integrity. Hashing algorithms might not use the same mathematical formulae or work the same way, but they all share one crucial attribute: the function used to generate the hash is _one-way_.

That is, there is no way to derive the original plaintext from the checksum.

However, hashing algorithms are not foolproof. Collisions, for example, are a prevalent risk. This is especially true of hashing algorithms that generate hashes in a weak way or generate hashes that are too short. The shorter the hash, the more collisions it might incur. This is the basic principle behind a birthday attack. The more prone to collisions a hashing algorithm is, the higher the probability of a random collision.

From the exercise done, we can see that (simply by observing the length of the hash) MD5 is the most prone to collisions while Whirlpool is the least prone. This may translate to increased security in terms of probability theory.
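The relationship between digest length and collision risk described above can be worked through in code. This is an added example, not part of the original post or the textbook project: it hashes the raw sentence bytes rather than the .docx files (so the digests will not match md5deep's output on the documents), uses SHA-512 as a stand-in for Whirlpool's 512-bit length, and the helper names and the 24-bit truncated hash are assumptions made for illustration.

```python
import hashlib
import math

# The project's sentence with and without the final period (raw bytes, not .docx).
S1 = b"Now is the time for all good men to come to the aid of the country."
S2 = S1[:-1]
# sha512 stands in for Whirlpool: same 512-bit digest length, always in hashlib.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def birthday_bound(bits: int) -> float:
    """Approximate number of random inputs for a 50% chance of a collision."""
    return math.sqrt(2 * math.log(2)) * 2 ** (bits / 2)

def compare():
    """(algorithm, digest bits, bits changed by dropping the period, bound)."""
    rows = []
    for name in ALGORITHMS:
        d1, d2 = hashlib.new(name, S1).digest(), hashlib.new(name, S2).digest()
        rows.append((name, len(d1) * 8, differing_bits(d1, d2),
                     birthday_bound(len(d1) * 8)))
    return rows

def truncated(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, used here as a deliberately short hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def find_collision(bits: int):
    """Hash constructed counter messages until two share a truncated digest."""
    seen, i = {}, 0
    while True:
        msg = b"msg-%d" % i
        h = truncated(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1

if __name__ == "__main__":
    for name, bits, diff, bound in compare():
        print(f"{name:7} {bits:3} bits, {diff:3} bits differ, "
              f"~{bound:.2e} hashes for a 50% collision chance")
    a, b, tries = find_collision(24)
    print(f"24-bit hash: {a!r} and {b!r} collide after {tries} hashes "
          f"(estimate {birthday_bound(24):.0f})")
```

The bound grows as 2^(n/2) for an n-bit digest, which is why a 24-bit hash collides after a few thousand inputs while the full-length digests do not. Digest length only sets this generic ceiling; structural weaknesses in an algorithm can lower the real cost further.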

Sine Cera,
Jeremy Heng.

"Quis custodiet ipsos custodes?"

Hands-On Project 11.1 Sources
