Atitit. Attilax Summary of Secure Signature digest algorithms

Atitit. Secure Signature Algorithm Attilax Summary

1. MD5 (not recommended) The result is a 128-bit binary, only a 16 binary string is 32 bits 1

2. the length of the cipher string after encryption using the SHA1 algorithm is a bit more secure. SHA2 1 higher safety

3. CRC32 ( General 8 -bit data ) 2

4. Will the SHA-1 collide? 3

5. Lm-hash ( three characters ) 3

6. Nt-hash value is ( three characters ) 4

1. MD5 (not recommended) The result is a 128-bit binary, only a 16 binary string is 32 bits

And this is an irreversible transformation process, to crack can only be poor lift, the difficulty is very large, in theory 8-bit cipher combination has (26 letters +10 digits +21 commonly used English symbols) 8 of the species may, to now better machine machine to count for more than a year. MD5 encrypted string length has 16-bit and 32-bit two kinds. But recently MD5 heard to have been cracked (heard or by our countrymen broke, admire Ah!) ), can quickly crash to the password, but the cracker has not yet spread out.

MD5 maps any length of "byte string" to a large integer of 128bit, and is pushed through the 128bit ... This encryption technique is widely used in UNIX systems, which is why UNIX systems are more

, the MD5 result is a 128-bit binary, which is only converted to a 16 binary string that is 32 bits

Author :: Old Wow's paw attilax ayron, email:[email protected]

Reprint please indicate source: Http://blog.csdn.net/attilax

2. UseSHA1the cipher string length after the algorithm is encrypted has +bit, relatively more secure. Sha2Higher Security

3,SHA1

SHAall calledSecure Hash Algorithm, also called the Secure Hash algorithm. SHAby the National Security Agency (NSANational Institute of Standards and Technology (NIST) published,SHAThe family algorithm hasSHA-1,SHA-224,SHA-256,SHA-384and theSHA-512(the latter four are often calledSHA2), principle andMD4,MD5similar. SHAYou can add a maximum2^64Bits (2305843009213693952bytes) information, converted into a string of theBits ( -(summary information), which is currently the most widely usedHASHalgorithm. WithMD5, from a theoretical point of view,SHA1nor is it absolutely reliable, and has now been foundSHA1the collision condition, but"Practical"collision algorithm software has not yet appeared. So the United StatesNISTstart working againSHA2, research the updated encryption algorithm.

The use of SHA1 in Microsoft Visual Studio 2005 is also simple, as follows in C # SHA1 examples of encrypted strings:

public string SHA1 (String str)
{
Return System.Web.Security.FormsAuthentication.

HashPasswordForStoringInConfigFile (str, "SHA1"). ToLower ();
}

But in the end there is an unfortunate news that the SHA1 algorithm has been cracked, the National Institute of Standards and Technology (nationallyInstitute of standards and technology sha-256 or sha-512 algorithms are recommended

3. CRC32 (General8bit Data)

Crcall calledCyclic Redundancy Check, also called cyclic redundancy check. CRCis currently used in the oldest of a validation algorithm, it is by theW. Wesley Petersonin the1961published in an annual paper,CRCa hash function that produces a short fixed-digit check code based on data such as a network packet or computer file (HASH, the arbitrary length of the input through the hashing algorithm, the final transformation into a fixed-length digest output, the result is a hash value, according toHASHalgorithm,HASHhaving one-way, irreversible), mainly used to detect or verify the data transmission or the error that may occur after saving. The generated number is computed and appended to the data before it is transmitted or stored, and the receiver checks to determine whether the data has changed. In general, the value of the cyclic redundancy check is +bits of an integer. This function is widely used because it is easy to use binary computer hardware, easy to perform mathematical analysis and is especially good at detecting errors caused by transmission channel interference.

AlthoughCRCis useful in error detection, butCRCdata integrity is not reliably verified becauseCRCpolynomial is a linear structure that can be easily changed by changing the data way to achieveCRCcollisions, here gives a more popular explanation, assuming a string withCRCverification code in the transmission, if there is a continuous error, when the number of errors reached a certain number of times, then almost certainly will have a collision (value is not correct butCRCresults correctly), but withCRCas data bits increase, the collision probability is significantly reduced, such asCRC32thanCRC16with more reliable validation,CRC64It's better thanCRC32more reliable, of course, it's all in accordanceITUstandard conditions.

Because CRC has the above characteristics, for the transmission of file classes on the network is rarely used only CRC as a verification basis, the file transfer is more risk than the communication underlying transmission, it is susceptible to human intervention.

Add: Although the current calibration algorithms have found a crack condition, but like the current mainstream use of MD5, SHA1 or trustworthy, because MD5 and SHA1 have a high degree of dispersion, even if only one byte value modification will result in MD5 or SHA1 value "huge" change, from a practical point of view, The possibility of different information with the same MD5 or SHA1 code is very low, it is generally considered impossible, for ordinary download file or operating system, want to by simply modify a certain byte or some bytes, but also to ensure the file name, size and installation reliability under the premise, want to achieve MD5, The SHA1 collision effect is also almost impossible.

What to worry about now

　　MD5 collisions are already being discovered, but do we need to worry, I'm going to say, so far don't worry, first of all, to construct MD5 collisions are very difficult, theoretically the longer the string MD5 the more unlikely the same, and with SHA-1 algorithm help, two-pronged, there is no too much problem, so now MD5 There is no time to be discarded.

4. SHA-1will it collide?

　　SHA-1 collisions can occur, but the odds are greater than MD5 small and much.

How to solve a collision

Resolving collisions can actually be done byMD5and theSHA-1used in conjunction with the implementation. I did this by first going to fileAof theMD5values are recorded asBand putAof theSHA-1recorded asC, then use theBand theCadd and then compute againMD5The value is good,MD5the probability of a value collision is already small, and then combinedSHA-1, there is basically no collision problem. Before the new algorithm became popular,MD5can continue to be used.

5. Lm-hash (32of characters)

LanManager (LM)

(1) Principle of LM Hash value generation under Windows

Assume that the plaintext password is "Welcome", first convert all to uppercase "Welcome", and then do the password string after the capitalization of the string transformed into a binary string: "Welcome", 57454c434f4d4500000000000000

Tip: You can copy the plaintext password into the UltraEdit editor using Binary view to get the binary string of the password.

Description: If the plaintext password is converted to an uppercase binary string of less than 14 bytes, then you need to add 0x00 to complement the 14 bytes thereafter. Then cut into two groups of 7 bytes of data, respectively, through the Str_to_key () function to get two sets of 8 bytes of data:

57454c434f4d45-str_to_key (), 56a25288347a348a
00000000000000-str_to_key () 0000000000000000

These two sets of 8 bytes of data will be done as Deskey to the magic string "[email protected]#$%" For standard des encryption

"[Email protected]#$%", 4b47532140232425

56A25288347A348A-Standard DES encryption for 4b47532140232425, c23413a8a1e7665f

0000000000000000-Standard DES encryption-aad3b435b51404ee for 4b47532140232425

After the encryption of the two sets of data simple splicing, you get the last LM Hash

LM Hash:c23413a8a1e7665faad3b435b51404ee

6. The Nt-hash value is (32of characters)

。 The early SMB protocol transmits plaintext passwords over the network. Later, the "LAN Manager challenge/response" authentication mechanism, called LM, is so simple that it can be easily cracked. Microsoft has proposed a WindowsNT challenge/response verification mechanism called NTLM

Principle of NTLM Hash generation under Windows

There are several weaknesses in the LM hash algorithm designed by IBM, and Microsoft has put forward its own challenge response mechanism while maintaining backward compatibility, and the NTLM hash was born. Assuming that the plaintext password is "123456", first converted to a Unicode string, unlike the LM hash algorithm, this time does not need to add 0x00 to complement 14 bytes

310032003300340035003600, "123456"

When converting from an ASCII string to a Unicode string, using the Little-endian sequence, Microsoft does not consider the Big-endian sequence when designing the entire SMB protocol, and the ntoh* () and hton* () functions are not suitable for SMB packet decoding. The standard ASCII code before 0x80 is converted to Unicode code, simply from 0x?? Into 0x00??。 Such standard ASCII strings are converted into Unicode strings in Little-endian order, simply by adding 0x00 after each byte of the original. A standard MD4 one-way hash of the obtained Unicode string, regardless of the number of bytes in the data source, MD4 fixed to produce a hash value of 128-bit.

16 byte 310032003300340035003600-standard MD4 one-way hash, 32ed87bdb5fdc5e9cba88547376818d4

You get the last NTLM Hash.

NTLM Hash:32ed87bdb5fdc5e9cba88547376818d4

Compared with the LM hash algorithm, the plaintext password is case-sensitive, unable to determine whether the original plaintext password is less than 8 bytes according to the NTLM hash, and get rid of the magic string "[email protected]#$%". MD4 is a true one-way hash function, which is difficult to use as the plaintext of the data source.

LM can only store password hash less than or equal to 14 characters, if the password is greater than 14, Windows will automatically use NTLM to encrypt it, (this in the LC5 there are two ways to crack, so can not be broken out when the idea of a different way, basically NTLM) In general, using pwdump or some other hash export tool (such as Cain) exported hash has the corresponding LM and NTLM values, that is, the number of bits <=14, if it is greater than 14 bits then only the corresponding NTLM hash is available, then LM will have a value, But it's useless for us to check the LM Rainbow Watch.
Operating system: For XP, Win2K, and Win2k3, the system uses LM for encryption (also artificially set to NTLM), then LM is disabled for win2008, Win7, and Vista, and NTLM is used by default, so do not hold LM-generated rainbow Table to find the hash value of NTLM, but the reverse is possible, because the use of LM mode of encryption often there is a corresponding NTLM hash (if the password bit <=14, the system at the same time the password using NTLM encryption and storage of NTLM hash), This is the NTLM hash that was used to find the ophcrack NTLM table, not the LM hash.

CRC32,MD5,SHA1 Algorithm Verification Introduction _ think of the blog . htm

Windows NT_NTLM Encryption-jackywu1010 's column-Blog channel-CSDN.NET.htm

Atitit. Attilax Summary of Secure Signature digest algorithms