Bitten Tech Solutions

Hashing, Windows and Linux Encryption

A hash function, “H” for example, is a function that takes a variable-size input “m” and returns a fixed-size string. The value that is returned is called the hash value “h” or the digest. This can be expressed mathematically as “h = H(m)”. There are three properties a hash function should have:

Hashing is how Windows stores passwords. For example, if your password is “password”, then Windows will first hash it, producing something like:

“0BD181063899C9239016320B50D3E896693A96DF”. 

It then stores that hash in the SAM (Security Accounts Manager) file in the Windows System directory. When you log on, Windows cannot “un-hash” your password, so what Windows does is take whatever password you type in, hash it, and then compare the result with what is in the SAM file. If they match (exactly) then you can log in.

Storing Windows passwords is just one application of hashing. There are others. For example, in computer forensics, hashing a drive before starting a forensic examination is common practice. Then later you can always hash it again to see whether anything was changed (accidently or intentionally). If the second hash matches the first, then nothing has been changed.

In relationship to hashing, the term “salt” refers to random bits that are used as one of the inputs to the hash. Essentially, the salt is intermixed with the message that will be hashed. Salt data complicates dictionary attacks that use pre-encryption of dictionary entries. Is also effective against rainbow table attacks. For best security, the salt value is kept secret, separate from the password database/file.

MD5

MD5 is a 128-bit hash that is specified by RFC 1321. It was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. Although it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1. The biggest problem with MD5 is that it is not collision resistant.

SHA

The Secure Hash Algorithm is perhaps the most widely used hash algorithm today. Several versions of SHA now exist. SHA (all versions) is considered secure and collision free. The versions include:

Windows and Linux Encryption

Microsoft Windows provides encryption tools to prevent loss of confidential data.

Linux provides a number of cryptographic techniques to protect data on physical devices such as hard disks or removable media. Such technique is Linux Unified Key Setup (LUKS). This technique allows the encryption of Linux partitions. 

Using LUKS you can encrypt the entire blcok device which is well suited to protect data on removable storage or the laptops disk drive. LUKS uses the existing device mapper kernel subsystem and also provides passprhase strengthening for protection against dictionary attacks.