Wednesday, May 11, 2022

The SHA-256 (Secure Hash Algorithms)

The tenth lesson of hacking:

A Definitive Guide to Learn the SHA 256 Algorithm

Among the many advancements seen in network security, encryption and hashing have been the core principles of additional security modules. The secure hash algorithm with a digest size of 256 bits, or the SHA 256 algorithm, is one of the most widely used hash algorithms. While there are other variants, SHA 256 has been at the forefront of real-world applications.

To understand the working of the SHA 256 algorithm, you first need to understand hashing and its functional characteristics.

What is Hashing?

Hashing is the process of scrambling raw information to the extent that it cannot be reproduced in its original form. It takes a piece of information and passes it through a function that performs mathematical operations on the plaintext. This function is called the hash function, and the output is called the hash value or digest.


The hash function is responsible for converting the plaintext to its respective hash digest. Hash functions are designed to be irreversible, which means the digest should not give you back the original plaintext by any means. They also produce the same output whenever the input is unchanged, irrespective of how many times the hash is computed.

There are two primary applications of hashing:

  • Password Hashes: Most website servers convert user passwords into a hash value before storing them. At login, the server recalculates the hash of the entered password and compares it to the one stored in the database for validation.

  • Integrity Verification: When a file is uploaded to a website, its hash is published along with it. When a user downloads the file, they can recalculate the hash and compare it to the published value to establish data integrity.

Now that you understand the working of hash functions, look at the key topic at hand: the SHA 256 algorithm.

  

What is the SHA-256 Algorithm?

SHA 256 is a part of the SHA 2 family of algorithms, where SHA stands for Secure Hash Algorithm. Published in 2001, it was a joint effort between the NSA and NIST to introduce a successor to the SHA 1 family, which was slowly losing strength against brute force attacks.

The significance of the 256 in the name stands for the final hash digest value, i.e. irrespective of the size of plaintext/cleartext, the hash value will always be 256 bits.

The other algorithms in the SHA family are more or less similar to SHA 256. Now, look a little more closely at their guidelines.

What are the Characteristics of the SHA-256 Algorithm?


Some of the standout features of the SHA algorithm are as follows:

  • Message Length: The length of the cleartext should be less than 2^64 bits. Keeping the message within this bound keeps the digest as random as possible.

  • Digest Length: The length of the hash digest should be 256 bits in SHA 256 algorithm, 512 bits in SHA-512, and so on. Bigger digests usually suggest significantly more calculations at the cost of speed and space.

  • Irreversible: By design, all hash functions such as the SHA 256 are irreversible. You should neither get a plaintext when you have the digest beforehand nor should the digest provide its original value when you pass it through the hash function again.

Now that you have a fair idea of the technical requirements for SHA, you can go through its complete procedure in the next section.

Steps in SHA-256 Algorithm

You can divide the complete process into five different segments, as mentioned below:

Padding Bits

Extra bits are appended to the message so that its length is exactly 64 bits short of a multiple of 512. The first appended bit should be a one, and the rest should be zeroes.


Padding Length

You can now add 64 bits of data to make the final plaintext a multiple of 512. These 64 bits hold the length of the original cleartext (without the padding), reduced modulo 2^64.


Initialising the Buffers

You need to initialize the default values for eight buffers to be used in the rounds. You also need to store 64 different keys in an array, ranging from K[0] to K[63]. The initial buffer values and the key constants are tabulated in the source image (courtesy: SHA-2, Wikipedia).

Compression Functions

The entire message gets broken down into multiple blocks of 512 bits each. Each block is put through 64 rounds of operation, with the output of each block serving as the input for the following block. The entire process is as follows:

(Diagram of the compression function; courtesy: Medium article on SHA 256.)

While the value of K[i] in all those rounds is pre-initialized, W[i] is another input that is calculated individually for each block from the block's own contents, and it differs for each of the 64 rounds.

Output

With each iteration, the final output of the block serves as the input for the next block. The entire cycle keeps repeating until you reach the last 512-bit block, and you then consider its output the final hash digest. This digest will be of the length 256-bit, as per the name of this algorithm.
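To make the five steps concrete, here is a complete SHA-256 implementation in Python, added as a worked example (it is not code from the original tutorial). It follows the steps in the order given above, derives the eight initial buffer values and the 64 keys K[i] the way the SHA-2 standard defines them (fractional parts of the square and cube roots of the first primes, computed here with exact integer arithmetic rather than floating point), and cross-checks its digest against Python's hashlib.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF  # keep every intermediate value to 32 bits


def _primes(n):
    """First n prime numbers, used to derive the standard constants."""
    found, candidate = [], 2
    while len(found) < n:
        if all(candidate % p for p in found):
            found.append(candidate)
        candidate += 1
    return found


def _icbrt(n):
    """Exact floor of the cube root of a non-negative integer (binary search)."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# Step 3: the eight buffers start as the first 32 bits of the fractional parts
# of the square roots of the first 8 primes; the 64 keys K[0..63] are the same
# for the cube roots of the first 64 primes (as defined by the SHA-2 standard).
H_INIT = [math.isqrt(p << 64) & MASK for p in _primes(8)]
K = [_icbrt(p << 96) & MASK for p in _primes(64)]


def _rotr(x, n):
    """Rotate a 32-bit word right by n bits."""
    return ((x >> n) | (x << (32 - n))) & MASK


def pad_message(message: bytes) -> bytes:
    """Steps 1 and 2: append a single 1 bit (0x80), then zeros until the length
    is 64 bits short of a multiple of 512, then the original length in bits as
    a 64-bit big-endian integer."""
    bit_len = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", bit_len)


def _compress(state, block):
    """Step 4: 64 rounds over one 512-bit block; returns the new eight-word state."""
    # Message schedule W[0..63]: the block's own 16 words, expanded to 64.
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        big_s1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
        ch = (e & f) ^ (~e & g)
        t1 = (h + big_s1 + ch + K[i] + w[i]) & MASK
        big_s0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t2 = (big_s0 + maj) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    # The block's output is added into the running state, which feeds the next block.
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(message: bytes) -> str:
    """Step 5: run every 512-bit block through the compression function and
    return the final 256-bit state as 64 hex digits."""
    state = H_INIT[:]
    padded = pad_message(message)
    for offset in range(0, len(padded), 64):
        state = _compress(state, padded[offset:offset + 64])
    return "".join(f"{word:08x}" for word in state)


def matches_hashlib(message: bytes) -> bool:
    """Cross-check against the standard library implementation."""
    return sha256(message) == hashlib.sha256(message).hexdigest()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"The quick brown fox jumps over the lazy dog"):
        print(sample, sha256(sample), "ok" if matches_hashlib(sample) else "MISMATCH")
```

Inputs of 56 bytes or more are the interesting case: the padded message then spans two or more blocks, so the running state is carried from one compression call to the next exactly as the Output step describes.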

With the SHA 256 algorithm being implemented thoroughly since the early 90s, there are specific applications that you can look into. You will see them in the next section.

 

Applications of SHA algorithm


The SHA algorithm is used in many places, some of which are as follows:

  • Digital Signature Verification: Digital signatures follow asymmetric encryption methodology to verify the authenticity of a document/file. Hash algorithms like SHA 256 go a long way in ensuring the verification of the signature.

  • Password Hashing: As discussed above, websites store user passwords in a hashed format for two benefits. It helps foster a sense of privacy, and it lessens the load on the central database since all the digests are of similar size.

  • SSL Handshake: The SSL handshake is a crucial segment of the web browsing sessions, and it’s done using SHA functions. It consists of your web browsers and the web servers agreeing on encryption keys and hashing authentication to prepare a secure connection.

  • Integrity Checks: As discussed above, file integrity verification uses hash variants like the SHA 256 algorithm and the MD5 algorithm. It helps maintain the full functionality of files and makes sure they were not altered in transit.

 

How Can Simplilearn Help You?

With hashing and encryption being a staple in today’s digital workspace, it’s no surprise that the demand for has shot through the roof. Apart from cryptography, multiple other avenues in this field are necessary if one wants to pursue a career as a security analyst or network administrator.

Simplilearn offers a  course that both newcomers and seasoned corporate professionals can easily pick up. From covering the   to teaching its most nuanced characteristics, the course is filled with tasks, live classes, and a solid foundation to start your career in this lucrative field.

Conclusion

In today’s lesson on SHA 256 algorithm, you learned the basics of hashing, the applications of hashing, the origin of SHA, its working, and the places this algorithm finds use. Hopefully, this has been an exciting session for you. 

Do you have any questions regarding any part of this tutorial? Please let us know your thoughts and questions in the comment section below, and we will have our experts look at it for you.

Message-Digest Algorithm 5

The ninth lesson of hacking:

The Complete Know-How on the MD5 Algorithm

With the consensus aiming towards an educated public on digital privacy, it’s no surprise to see an increasing interest in encryption algorithms. The MD5 algorithm was one of the first hashing algorithms to take the global stage, as a successor to the MD4 algorithm. Despite the security vulnerabilities discovered later, MD5 remains a crucial part of data infrastructure in a multitude of environments.

Before diving headfirst into the main topic, it is best to go through the basic concept of hashing first.

What is Hashing?

Hashing consists of converting a general string of information into an intricate piece of data. This is done to scramble the data so that it completely transforms the original value, making the hashed value utterly different from the original.


Hashing uses a hash function to convert standard data into an unrecognizable format. These hash functions are a set of mathematical calculations that transform the original information into their hashed values, known as the hash digest or digest in general. The digest size is always the same for a particular hash function like MD5 or SHA1, irrespective of input size.

Hashing has two primary use cases:

  • Password Verification:

It is common to store user credentials of websites in a hashed format to prevent third parties from reading the passwords. Since hash functions always provide the same output for the same input, comparing password hashes is much more private.


The entire process is as follows:

  1. The user signs up to the website with a new password
  2. The website passes the password through a hash function and stores the digest on the server
  3. When the user tries to log in, they enter the password again
  4. The entered password is passed through the hash function again to generate a digest
  5. If the newly generated digest matches the one on the server, the login is verified


  • Integrity Verification:

Some files can be checked for data corruption using hash functions. As in the scenario above, hash functions always give the same output for the same input, irrespective of how many times they are run.


The entire process follows this order:

  1. A user uploads a file to the internet
  2. The hash digest is uploaded along with the file
  3. When a user downloads the file, they recalculate the hash digest
  4. If the digest matches the original hash value, file integrity is maintained
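The two use cases above (and the same two listed in the SHA 256 lesson) as a runnable Python example, added here and not part of the original tutorial. The file contents and password are constructed sample data. It goes one step beyond the plain "hash and compare" description: for passwords it stores a salted, iterated PBKDF2-SHA256 digest rather than a bare hash, and both comparisons use a constant-time compare, which is what a server should do in practice.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes = None, iterations: int = 200_000) -> str:
    """Sign-up step: build the record the server stores instead of the password.
    A random per-user salt and many iterations make each stored digest unique
    and slow to guess; the record carries everything needed to recompute it."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Login step: recompute the digest from the entered password and the stored
    salt, then compare in constant time so timing does not reveal how many bytes
    of the digest matched."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


def publish_digest(file_bytes: bytes) -> str:
    """Upload step: the SHA-256 digest that is published next to the file."""
    return hashlib.sha256(file_bytes).hexdigest()


def verify_download(file_bytes: bytes, published_digest: str) -> bool:
    """Download step: recalculate the digest and compare it to the published one
    (hex digests are compared case-insensitively and in constant time)."""
    return hmac.compare_digest(hashlib.sha256(file_bytes).hexdigest(),
                               published_digest.lower())


# Constructed sample data for a stand-alone run.
SAMPLE_FILE = b"#!/bin/sh\necho 'installer v1.0'\n"
TAMPERED_FILE = SAMPLE_FILE.replace(b"v1.0", b"v1.1")  # a one-character change

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Tr0ub4dor&3", record))
    digest = publish_digest(SAMPLE_FILE)
    print("download intact:", verify_download(SAMPLE_FILE, digest))
    print("download tampered:", verify_download(TAMPERED_FILE, digest))
```

The integrity check only tells you the file is the one whose digest was published; if the digest travels over the same channel as the file, an attacker who can replace one can replace both, which is why published digests are usually signed or served separately.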

Now that you have a base foundation set in hashing, you can look at the focus for this tutorial, the MD5 algorithm.

What is the MD5 Algorithm?

MD5 (Message-Digest Algorithm 5) is a cryptographic hash algorithm used to generate a 128-bit digest from a string of any length. It represents the digests as 32-digit hexadecimal numbers.


Ronald Rivest designed this algorithm in 1991 to provide the means for digital signature verification. Eventually, it was integrated into multiple other frameworks to bolster security indexes.


The digest size is always 128 bits, and thanks to hashing function guidelines, a minor change in the input string generates a drastically different digest. This is essential to avoid, as far as possible, two different inputs producing the same hash, which is known as a hash collision.

You will now learn the steps that constitute the working of the MD5 algorithm.

Steps in MD5 Algorithm

There are four major sections of the algorithm:

Padding Bits

When you receive the input string, you have to make sure its size is 64 bits short of a multiple of 512. When padding the bits, you must add a one (1) first, followed by zeroes to fill the remaining positions.


Padding Length

You need to add a few more characters to make your final string a multiple of 512. To do so, take the length of the initial input and express it in the form of 64 bits. On combining the two, the final string is ready to be hashed.


Initialize MD Buffer

The entire string is converted into multiple blocks of 512 bits each. You also need to initialize four different buffers, namely A, B, C, and D. These buffers are 32 bits each and are initialized as follows:

A = 01 23 45 67

B = 89 ab cd ef

C = fe dc ba 98

D = 76 54 32 10

Process Each Block

Each 512-bit block gets broken down further into 16 sub-blocks of 32 bits each. There are four rounds of operations, with each round utilizing all the sub-blocks, the buffers, and a constant array value. 

This constant array can be denoted as T[1] -> T[64].

Each of the sub-blocks are denoted as M[0] -> M[15].


The operations on a single buffer A proceed in the following order:

  • B, C, and D are passed through a non-linear process.
  • The result is added to the value present in A.
  • The sub-block value is added to the result above.
  • Then, the constant value for that particular iteration is added.
  • A circular shift is applied to the result.
  • As a final step, the value of B is added to the result, which is stored in buffer A.

The steps mentioned above are run for every buffer and every sub-block. When the last block’s final buffer is complete, you will receive the MD5 digest.

The non-linear process above is different for each round of the sub-block.

Round 1: (b AND c) OR ((NOT b) AND (d))

Round 2: (b AND d) OR (c AND (NOT d))

Round 3: b XOR c XOR d

Round 4: c XOR (b OR (NOT d))
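The four sections above assembled into a complete MD5 implementation in Python, added as a worked example (not code from the original tutorial). The buffer values A to D are the ones listed above, read as little-endian 32-bit words; the constant array T[1..64] is generated from the sine function as the MD5 specification defines it; the per-round non-linear functions are exactly the four expressions given above. The sample strings are constructed, and the digests are checked against published MD5 test vectors.

```python
import math
import struct

MASK = 0xFFFFFFFF

# Step 3: the four 32-bit buffers. The byte sequences listed above
# (A = 01 23 45 67, ...) are the little-endian representation of these words.
INIT_A, INIT_B, INIT_C, INIT_D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476

# Constant array T[1..64] = floor(2^32 * |sin(i)|), stored 0-based as T[0..63].
T = [int(abs(math.sin(i + 1)) * (1 << 32)) & MASK for i in range(64)]

# Circular shift amounts: four values per round, each repeated for the 16 steps.
SHIFTS = ([7, 12, 17, 22] * 4) + ([5, 9, 14, 20] * 4) + ([4, 11, 16, 23] * 4) + ([6, 10, 15, 21] * 4)


def _rotl(x, n):
    """Circular left shift of a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & MASK


def pad_message(message: bytes) -> bytes:
    """Steps 1 and 2: a 1 bit, zeros up to 64 bits short of a multiple of 512,
    then the original length in bits as a 64-bit little-endian integer."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_len)


def _round_function(round_no, b, c, d):
    """The non-linear process, different for each of the four rounds."""
    if round_no == 0:
        return (b & c) | (~b & d)
    if round_no == 1:
        return (b & d) | (c & ~d)
    if round_no == 2:
        return b ^ c ^ d
    return c ^ (b | (~d & MASK))


def _process_block(state, block):
    """Step 4: 64 operations (4 rounds x 16 sub-blocks) over one 512-bit block."""
    m = struct.unpack("<16L", block)  # sub-blocks M[0..15]
    a, b, c, d = state
    for i in range(64):
        round_no = i // 16
        if round_no == 0:            # each round visits the sub-blocks in a different order
            g = i
        elif round_no == 1:
            g = (5 * i + 1) % 16
        elif round_no == 2:
            g = (3 * i + 5) % 16
        else:
            g = (7 * i) % 16
        f = (_round_function(round_no, b, c, d) + a + m[g] + T[i]) & MASK
        a, d, c, b = d, c, b, (b + _rotl(f, SHIFTS[i])) & MASK
    # The block's result is added to the incoming buffers for the next block.
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d))]


def md5(message: bytes) -> str:
    """Run every 512-bit block and emit the four buffers as 32 hex digits."""
    state = [INIT_A, INIT_B, INIT_C, INIT_D]
    padded = pad_message(message)
    for offset in range(0, len(padded), 64):
        state = _process_block(state, padded[offset:offset + 64])
    return struct.pack("<4L", *state).hex()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two digests differ (avalanche check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    fox = b"The quick brown fox jumps over the lazy dog"
    print(md5(b""), md5(b"abc"), md5(fox), sep="\n")
    # A single added character should flip roughly half of the 128 digest bits.
    print("bits changed by a trailing '.':", bit_difference(md5(fox), md5(fox + b".")))
```

Note that the final value is stored in buffer B and the buffers rotate on each operation, so that over four operations every buffer has played the role the list above describes for A; a 128-bit digest makes collisions far easier to find than for SHA-256, which is why the page's integrity and password use cases are today done with SHA-2 or a dedicated password hash.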

With this, you conclude the working of the MD5 algorithm. You will now see the advantages procured when using this particular hash algorithm.


Advantages of MD5


  • Easy to Compare: Unlike the latest hash algorithm families, a 32 digit digest is relatively easier to compare when verifying the digests.
  • Storing Passwords: Passwords need not be stored in plaintext format, which would make them accessible to hackers and malicious actors. When using digests, the database also gets a boost since all hash values are the same size.
  • Low Resource: A relatively low memory footprint is necessary to integrate multiple services into the same framework without a CPU overhead.
  • Integrity Check: You can monitor file corruption by comparing hash values before and after transit. Once the hashes match, file integrity checks are valid, and it avoids data corruption.


What Is Firewall: Types, How Does It Work

The eighth lesson of hacking: Firewall

With the increasing number of cybercrimes with every passing day, individuals and companies must secure their information. However, there are many challenges to implementing the same. A firewall is one such security device that can help you safeguard your network and device from an outsider. In this tutorial on ‘what is a firewall’, you will learn all you need to know about a firewall and how it acts as a shield to protect your network.

Now, let’s start by understanding what a firewall is.

What Is Firewall?

Fencing your property protects your house and keeps trespassers at bay; similarly, firewalls are used to secure a computer network. Firewalls are network security systems that prevent unauthorized access to a network. It can be a hardware or software unit that filters the incoming and outgoing traffic within a private network, according to a set of rules to spot and prevent cyberattacks. 

Firewalls are used in enterprise and personal settings. They are a vital component of network security. Most operating systems have a basic built-in firewall. However, using a third-party firewall application provides better protection.


Now that we have understood what a firewall is, we will look at the history of firewalls.

History of Firewall

Network firewalls have evolved over the years to address several threats in the security landscape. Firewalls will remain crucial to organizations and society. So, let’s look at a brief history of firewalls. 

  • 1989 - Birth of packet filtering firewalls
  • 1992 - First commercial firewall DEC SEAL
  • 1994 - First of the stateful firewalls appear
  • 2004 - IDC coins the term UTM (unified threat management)
  • 2009 - Next Generation Firewall (NGFW) was introduced by Gartner

Now that you know what a firewall is and its history, let’s dive deeper into how a firewall works.

How Does a Firewall Work?

As mentioned previously, firewalls filter the network traffic within a private network. It analyses which traffic should be allowed or restricted based on a set of rules. Think of the firewall like a gatekeeper at your computer’s entry point which only allows trusted sources, or IP addresses, to enter your network. 

A firewall welcomes only the incoming traffic that it has been configured to accept. It distinguishes between good and malicious traffic and either allows or blocks specific data packets based on pre-established security rules.

These rules are based on several aspects indicated by the packet data, like their source, destination, content, and so on. They block traffic coming from suspicious sources to prevent cyberattacks. 

For example, the image depicted below shows how a firewall allows good traffic to pass to the user’s private network.

Fig: Firewall allowing Good Traffic

However, in the example below, the firewall blocks malicious traffic from entering the private network, thereby protecting the user’s network from being susceptible to a cyberattack.

Fig: Firewall blocking Bad Traffic

This way, a firewall carries out quick assessments to detect malware and other suspicious activities.

There are different types of firewalls to read data packets at different network levels. Now, you will move on to the next section of this tutorial and understand the different types of firewalls.

Types of Firewalls

A firewall can either be software or hardware. Software firewalls are programs installed on each computer, and they regulate network traffic through applications and port numbers. Meanwhile, hardware firewalls are equipment placed between the gateway and your network. A firewall delivered by a cloud solution is called a cloud firewall.

There are multiple types of firewalls based on their traffic filtering methods, structure, and functionality. A few of the types of firewalls are:

  • Packet Filtering

A packet filtering firewall controls data flow to and from a network. It allows or blocks the data transfer based on the packet's source address, the destination address of the packet, the application protocols to transfer the data, and so on.

  • Proxy Service Firewall

This type of firewall protects the network by filtering messages at the application layer. For a specific application, a proxy firewall serves as the gateway from one network to another. 

  • Stateful Inspection

Such a firewall permits or blocks network traffic based on state, port, and protocol. Here, it decides filtering based on administrator-defined rules and context. 

  • Next-Generation Firewall

According to Gartner, Inc.’s definition, the next-generation firewall is a deep-packet inspection firewall that adds application-level inspection, intrusion prevention, and information from outside the firewall to go beyond port/protocol inspection and blocking.

  • Unified Threat Management (UTM) Firewall

A UTM device generally integrates the capabilities of a stateful inspection firewall, intrusion prevention, and antivirus in a loosely linked manner. It may include additional services and, in many cases, cloud management. UTMs are designed to be simple and easy to use.

  • Threat-Focused NGFW

These firewalls provide advanced threat detection and mitigation. With network and endpoint event correlation, they may detect evasive or suspicious behavior.
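To show the difference between the packet-filtering and stateful-inspection types described above, here is an added Python example (not from the original tutorial) of a minimal rule-based filter with an optional connection table. The addresses, rules and packets are constructed sample data using documentation ranges; the rule semantics (first match wins, implicit final deny) are an assumption for the example, not a description of any particular product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination address must fall in
    proto: str = "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


class Firewall:
    """Ordered rule list, first match wins, implicit final deny.
    With stateful=True the firewall remembers connections it allowed, so the
    reply direction of that connection is admitted without a rule of its own
    (stateful inspection). With stateful=False every packet, replies included,
    must be matched by a rule on its own (plain packet filtering)."""

    def __init__(self, rules: List[Rule], stateful: bool = True):
        self.rules = rules
        self.stateful = stateful
        self.flows: Set[Tuple[str, str, str, int, int]] = set()

    def filter(self, pkt: Packet) -> str:
        reply_of = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if self.stateful and reply_of in self.flows:
            return "allow"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow" and self.stateful:
                    self.flows.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
                return rule.action
        return "deny"  # nothing matched: default deny


# Constructed policy for a private network 10.0.0.0/24.
POLICY = [
    Rule("deny", src="203.0.113.0/24"),                        # block a suspicious source range
    Rule("allow", dst="10.0.0.0/24", proto="tcp", dport=443),  # HTTPS to the internal web server
    Rule("allow", src="10.0.0.0/24", proto="udp", dport=53),   # DNS lookups from inside
]

# Constructed sample traffic, in arrival order.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "10.0.0.5", "tcp", 40000, 443),   # client opens HTTPS
    Packet("10.0.0.5", "198.51.100.7", "tcp", 443, 40000),   # the server's reply
    Packet("203.0.113.9", "10.0.0.5", "tcp", 40001, 443),    # from the blocked range
    Packet("198.51.100.7", "10.0.0.5", "tcp", 40002, 22),    # SSH: no rule allows it
    Packet("10.0.0.5", "198.51.100.8", "tcp", 443, 40003),   # unsolicited "reply"
    Packet("10.0.0.9", "198.51.100.53", "udp", 51000, 53),   # DNS from inside
]


def run_policy(stateful: bool) -> List[str]:
    """Verdict for each sample packet under the constructed policy."""
    fw = Firewall(POLICY, stateful=stateful)
    return [fw.filter(p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for p, with_state, without in zip(SAMPLE_PACKETS, run_policy(True), run_policy(False)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {p.proto:<4} "
              f"stateful={with_state:<5} stateless={without}")
```

The second packet is the one to watch: the stateless filter denies the server's legitimate reply because no rule covers traffic leaving toward an outside address, while the stateful firewall admits it because it belongs to a connection it already allowed, yet still denies the fifth packet, which claims to be a reply but has no matching entry in the connection table.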


Advantages of Using Firewalls

Now that you have understood the types of firewalls, let us look at the advantages of using firewalls. Firewalls play an important role in security management for companies; below are some of the important advantages.

  • It provides enhanced security and privacy from vulnerable services. It prevents unauthorized users from accessing a private network that is connected to the internet.
  • Firewalls provide faster response time and can handle more traffic loads.
  • A firewall allows you to easily handle and update the security protocols from a single authorized device.
  • It safeguards your network from phishing attacks.

How to Use Firewall Protection?

To keep your network and devices safe, make sure your firewall is set up and maintained correctly. Here are some tips to help you improve your firewall security:

  • Constantly update your firewalls as soon as possible: Firmware patches keep your firewall updated against any newly discovered vulnerabilities.
  • Use antivirus protection: In addition to firewalls, you need to use antivirus software to protect your system from viruses and other infections.
  • Limit accessible ports and hosts: Limit inbound and outbound connections to a strict whitelist of trusted IP addresses.
  • Have active network redundancies: To avoid downtime, have active network redundancies. Data backups for network hosts and other critical systems can help you avoid data loss and lost productivity in the case of a disaster.


Conclusion

In this tutorial on what is a firewall, you have understood what a firewall is and how it works. You also learned the different types of firewalls and how to use a firewall. Cybersecurity is a booming field in today's times. If you are looking to learn ethical hacking to protect devices and networks from cybercriminals. In that case, Simplilearn's   will help you master advanced network packet analysis and penetration testing techniques to build your network security skill-set.

Do you have any questions on this tutorial on ‘what is a firewall’? If you do, please drop them in the comments section. We will help you solve your queries at the earliest. 

Become an Ethical Hacker in 2022

The seventh lesson of hacking:

The word ‘hacker' originally defined a skilled programmer proficient in machine code and computer operating systems. Today, a 'hacker' is a person who consistently engages in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice. Hacking is the practice of modifying the features of a system, to accomplish a goal outside of the creator's original purpose.

Before understanding how to become an ethical hacker, let us understand more about the role.

What is Ethical Hacking?

The term ‘hacking’ has very negative connotations, but that's only until the role of an ethical hacker is fully understood. Ethical hackers are the good guys of the hacking world, the ones who wear the "white hat". So what does the role of an ethical hacker entail? Instead of using their advanced computer knowledge for nefarious activities, ethical hackers identify weaknesses in data computer security for business and organizations across the globe, to protect them from hackers with less honest motives.

Before understanding how to become an ethical hacker, let us understand what is the ethical hacking career.


What is the Attraction of an Ethical Hacking Career?

If you’re a professional who appreciates the joys of the world of computers and relishes a challenge, then a career in ethical hacking can be an enticing prospect. You get the opportunity to use your skills to break into computer systems, and you get paid good money for doing so. Like many careers, it is not easy to get started in the field, but if you put in the effort, initially, you will be able to shape a very lucrative career for yourself. Besides, ethical hackers are always on the right side of the law!

Let us learn how to become an ethical hacker after looking into the stages in the career of an ethical hacker.

What Are the Stages of a Career in Ethical Hacking?

Patience is a skill you need to cultivate if you want to embark on a career as an ethical hacker. You can't expect to secure an exceptionally high ranking job and earn a large salary right from the beginning, but there is immense potential to achieve both in a short span of time!

1. Starting Out

Many ethical hackers start out by obtaining a computer science degree. You also have the option of obtaining an A+ certification (CompTIA), which requires taking and passing two separate exams. These exams test an individual's knowledge of the components of a Personal Computer and their ability to take a PC apart and re-build it.

To take the test for the qualification, you are expected to possess at least 500 hours of practical computing experience. At this level of your career, you can expect to earn an average salary of $44,000 per year. Before you can advance in your career, however, you need to gain experience and gain a Network+ or CCNA qualification. The Network+ certification validates foundation-level knowledge in networks, including management, maintenance, installation, and troubleshooting. The CCNA qualification ensures the same abilities and aims at foundation-level expertise.

2. Network Support

Once you are qualified, you can embark on the next stage of your career, in network support. Here, you will undertake activities like monitoring and updating, installing security programs, and testing for weaknesses. You will gain experience in the field of network security, and your aim should be to secure a position as a network engineer.

Build your network security skill-set and beat hackers at their own game with the Certified Ethical Hacking Course. Check out the course preview now!

3. Network Engineer

After gaining experience working in network support, you can hope to earn in the $60,000-65,000 range! You will now be designing and planning networks instead of just supporting them. From now on, your journey towards becoming an ethical hacker should have you concentrate on the Security aspect. Now is the time when you need to be working towards obtaining a certification in security, such as Security+, CISSP, or TICSA, for example. The Security+ accreditation is approved by the US Department of Defense and includes the testing of such vital topics as access control, identity management, and cryptography.

CISSP is a globally recognized security qualification that attests to knowledge in risk management, cloud computing, and application development. Testing for the TICSA qualification covers the same areas and is aimed at the same level of security understanding. Gaining this experience and the accreditation should be sufficient to help you secure a role in information security.


4. Working in Information Security

This is a major step on the ladder to becoming an ethical hacker as, for the first time, you are dealing with Information Security itself! The average salary for someone in this role is $69,000. An information security analyst examines the system and network security, deals with security breaches, and works toward putting security measures in place. For this role, you should concentrate on penetration testing so as to get hands-on experience of some of the tools of the trade.

At this point in your career, you should be aiming at getting a Certified Ethical Hacker (CEH) certification from the International Council of Electronic Commerce Consultants (the EC Council). The training you receive will take you through everything you need to know to become an efficient, ethical hacker. You will be completely immersed in a hands-on environment where you are taken through the process of hacking into a network and identifying any security problems that exist. Once you have gained this certification, you can start marketing yourself as a professional ethical hacker.

Before learning how to become an ethical hacker, let us understand what the job involves and what the outlook for ethical hackers is.

What Can You Expect as an Ethical Hacker?

Once you have embarked on a role as an ethical hacker, you will put all your technical and security expertise into trying to breach the network security of the business or organization that has hired you. The business will require a detailed analysis of your findings and your suggestions for the improvement of its network security. This work protects them from the hacking activities of those with illegitimate and illegal motives. The average salary you can expect as an ethical hacker is $71,000, with bonus payments often amounting to $15,000 - $20,000.

What is the Outlook for Ethical Hackers?

Cyberwarfare is extremely common, and many high profile enterprises have been subject to major hacking issues. In this day and age, spending on IT security on a global scale is reaching the trillion-dollar mark. What better way to combat the threat of black-hat hacking than by making use of an army of white-hat hackers?

The demand for ethical hackers is at an all-time high and rising. Many experienced, ethical hackers can expect to earn in excess of $120,000 per year, especially if they are running their own consultancies or penetration testing companies! All set to become an Ethical Hacker? Check out Simplilearn’s Ethical Hacking Training Course!