What Is A Digital Signature?
In an earlier post, I promised to explain how hashes relate to digital signatures. Let’s begin with a thought experiment: suppose you have a document you want to protect. Specifically, you want to let others (“recipients”) know that you wrote the document and that it has not been changed by anyone since you wrote it. […]
How to Verify Windows File Integrity with Hashes
As I write this, I am developing a skill (app) for Amazon’s Alexa voice service. A couple of days into the development I thought I’d accidentally corrupted a critical file. Fortunately, I hadn’t, but it reminded me of the practice of discovering file changes by comparing file hash values against a baseline. The basic idea […]
Why an Upgrade to SHA-2 Needs to be Part of Your Cyber Security Strategy
Back in 2013 I introduced the concept of hashing to readers of this blog. We also discuss it in Learning Tree’s System and Network Security Introduction. One aspect of hashing I didn’t discuss much was hash algorithms. There have been many hash algorithms in popular use over the years including MD4 and Snefru, for many […]
Stored passwords, eggs and bread dough?
All three of these share the need for one thing: salt. So what is a password salt and why do we need one? In the early days of the UNIX timesharing system the file containing the users’ passwords was readable by all users (that began in version 6, in the mid-1970s). The file had […]
Cracking At a Snail’s Pace
Some time ago I wrote about slowing down hash computation. A bit of further explanation seems to be in order. As we recently updated Learning Tree Course 468, System and Network Security Introduction, we looked at cracking Windows 7 password hashes. The idea is to extract the hashes and run a program to process them and […]