Overview
1.1 Hash
Hash, the general translation to do "hash", there is a direct transliteration to "hash", is the arbitrary length of the input (also known as the pre-image), through hashing algorithm, transform into a fixed length of output, the output is hash value. This conversion is a compression map, in which the space of the hash value is usually much smaller than the input space, and different inputs may be hashed out into the same output, so it is not possible to uniquely determine the input value from the hash value. Simply put, a function that compresses messages of any length into a message digest of a fixed length.
Introduction to common hash algorithms:
(1) MD4
MD4 (RFC 1320) was designed by MIT's Ronald L. Rivest in 1990, and MD is the abbreviation for message Digest (Messages Digest). It is implemented on a 32-bit word processor with high-speed software-it is based on a bit operation of 32-bit operands.
(2) MD5
MD5 (RFC 1321) is an improved version of Rivest in 1991 for MD4. The input is still grouped with 512 bits, and its output is a cascade of 4 32-bit characters, same as MD4. MD5 is more complex than MD4, and slower, but safer, and better at resistance to analysis and differentiation.
(3) SHA-1 and others
The SHA1 is designed by the NIST NSA to work with DSA, which produces a 160bit hash value for inputs that are less than 264 in length, and therefore has a better anti-poor (brute-force) nature. The SHA-1 design is based on the same principle as the MD4 and imitates the algorithm.
The application of hash algorithm in information security is mainly embodied in the following 3 aspects:
(1) File verification
We are familiar with parity check algorithm and CRC checksum, these 2 kinds of checksums do not have the ability to tamper with data, they can detect and correct the channel error in data transmission to some extent, but can not prevent malicious damage to the data.
The "digital fingerprint" feature of MD5 hash algorithm makes it become one of the most widely used file integrity checksum (Checksum) algorithms, and many UNIX systems provide the command to compute MD5 Checksum.
(2) Digital signature
Hash algorithm is also an important part of modern cryptography system. Because of the slow operation speed of the asymmetric algorithm, the one-way hash function plays an important role in the digital signature protocol. The Hash value, also known as a "digital digest", is digitally signed and can be considered to be statistically equivalent to the digital signature of the file itself. And there are other advantages to such an agreement.
(3) Authentication agreement
The following authentication protocol is also called Challenge-Certification mode: This is a simple and secure way to be able to be listened to, but not tamper with, a transmission channel. These are some basic preliminary knowledge about hashing and its related.
Windows Hash
Windows hash consists of two parts, respectively, LM hash&nt hash. The Windows system consists of the following hashes:
User name: Rid:lm-hash value: Nt-hash value
2.1 The principle of LM hash generation under Windows
LM hash generation rules are as follows:
1. The user's password is limited to a maximum of 14 characters.
2. The user's password is converted to uppercase.
3. The user's password code in the system uses the OEM inner code page
4. Less than 14 bytes of password will be filled with 0来.
5. Fixed-length passwords are divided into two 7byte sections. Each part is converted to a bit stream, and a new encoding is formed by adding 0 to the end of the 7bit group.
6. The 8byte two groups obtained from the previous steps are encrypted as Des key for "kgs!@#$%".
7. The final LM hash value is obtained by encoding the two Group DES encryption.