An online markdown blog and knowledge repository.
Authentication: Verifiy the identity of a person/user or service.
Usually a username + password combination or other "who I am and what I have" combination.
Storing passwords is a security risk so must be managed carefully:
Plaintext => Hashing Algorithm => Hashed text
MDx (Message Digest) algorithms like MD5.
SHA (Secure Hash Algorithms) like SHA-1, SHA-2, and SHA-256.
Using a hashing algorithm usually involves importing the package, instantiating an object from the class, updating the object with the plaintext, and finally executing a method that produces the hashed text.
A same-sized hashed text will always be produced.
One-way hashing algorithms are known as "one way functions".
One-way Hashing Algo's must not reveal the "pre-image" of the hash text, meaning input values should not be discoverable just by looking at the output, whether the hashing algorithm is known or not.
A handy analogy is the Modulus function: 5 % 3 = 2 but so does 10 % 4 = 2 => The input value(s) are not revealed!
Avalanche Effect: A small change in an input produces a big difference in the output.
Deterministic Algorithm: The same input always produces the same output.
Hash outputs can be used to:
Add a dash of salt to improve/change the flavor of your food.
Similarly, add a special code/value into the hashing algorithm to produce a slightly different hash text.
Salt values must also be stored or it could be used to reverse-engineer the hash texts you are storing.
Salted password hashes can be helpful against "Rainbow Table Attacks", where a list of already leaked/discovered hashes are tested against an algorithm to reverse-engineer the passwords/encrypted plain text.
Producing a CRC: In this case, the idea is to hash the datagram and send the hashed DG along with (or following) the DG's network packet, so the receiving node can compare the CRC to the DG they received.
CRC Hashing is not cryptographically secure, and could be reverse engineered.
Just like with modulus, two different inputs that produce exactly the same output is considered a collision.
Forcing collisions is a technique used to 'break' a hashing function without ever discovering the actual input values for a given collision.
Take note: Collisions have been found in commonly used hashing algorithms.
Hashing algorithms should be slow, in order to deter brute-force attacks.
Safer algorithms today are: SHA-256 and SHA-3.
Use salting techniques to reduce the likelihood of a collision.
Features:
Authors: Niels Provos and David Mazieres.
Created in 1999.
Blowfish Block Ciper Cypto Algorithm is an adaptive hash function.
Uses a 'keyfactor' to force varying outputs and slows the hashing algorithm.
Fends against Rainbow Hash Table attacks.
jBCrypt (the paragraphs and code example at the top of the page)
Paragraphs and code example.
JBCrypt is:
JBCrypt Code snippet for reference:
// Hash a password for the first time
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());
// gensalt's log_rounds parameter determines the complexity
// the work factor is 2**log_rounds, and the default is 10
String hashed = BCrypt.hashpw(password, BCrypt.gensalt(12));
// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
{
System.out.println("It matches");
}
else
{
System.out.println("It does not match");
}
Back to root readme