From 78373ac5ce8e1a4256e0583f267ae72c998ccd81 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Mon, 9 Feb 2026 11:41:07 +0000 Subject: [PATCH 1/4] Update README.md --- unit03_hashing/lab/README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/unit03_hashing/lab/README.md b/unit03_hashing/lab/README.md index 067c6ec..09651c5 100644 --- a/unit03_hashing/lab/README.md +++ b/unit03_hashing/lab/README.md @@ -68,7 +68,7 @@ SHA-384 hex chars: SHA-512 hex chars: -How does the number of hex characters relate to the length of the hash signature: +How does the number of hex characters relate to the length of the hash signature? ### A.4 @@ -119,13 +119,13 @@ From Ubuntu, download the following ZIP file: Web link (PS Files): [here](http://asecuritysite.com/letters.zip) -On your Ubuntu instance, you should be able to view the files by double clicking on them in the file explorer (as you should have a PostScript viewer installed). +On your Ubuntu instance, you should be able to view the files by double-clicking on them in the file explorer (as you should have a PostScript viewer installed). Do the files have different contents? -Now determine the MD5 signature for them. What can you observe from the result? +Now, determine the MD5 signature for them. What can you observe from the result? @@ -144,6 +144,12 @@ Hash rate for APR1: **Hint** - You can use *hashcat --help* to find all the flags that you can use! +Also, if you want to remove the hashed password you have already cracked, you can: + +``` +rm .hashcat\hashcat.potfile +``` + ### B.2 On Ubuntu, next create a word file (words) with the words of “napier”, “password” “Ankle123” and “inkwell” From 65dbc20980affc727957ee3fadfc62dfce50af11 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Mon, 9 Feb 2026 11:43:03 +0000 Subject: [PATCH 2/4] Fix grammar and capitalization in README.md Corrected minor grammatical errors and improved capitalization in the README. --- unit03_hashing/lab/README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/unit03_hashing/lab/README.md b/unit03_hashing/lab/README.md index 09651c5..11c225c 100644 --- a/unit03_hashing/lab/README.md +++ b/unit03_hashing/lab/README.md @@ -1,7 +1,7 @@ ![esecurity](https://raw.githubusercontent.com/billbuchanan/esecurity/master/z_associated/esecurity_graphics.jpg) # Lab 3: Hashing -Objective: The key objective of this lab is to understand the range of hashing methods used, analyse the strength of each of the methods, and in the usage of salting. Overall the most popular hashing methods are: MD5 (128-bit); SHA-1 (160-bit); SHA-256 (256-bit); SHA-3 (256-bit), bcrypt (192-bit) and PBKDF2 (256-bit). The methods of bcrypt, scrypt and PBKDF2 use a number of rounds, and which significantly reduce the hashing rate. This makes the hashing processes much slower, and thus makes the cracking of hashed passwords more difficult. We will also investigate the key hash cracking tools such as hashcat and John The Ripper. +Objective: The key objective of this lab is to understand the range of hashing methods used, analyse the strength of each of the methods, and in the usage of salting. Overall, the most popular hashing methods are: MD5 (128-bit); SHA-1 (160-bit); SHA-256 (256-bit); SHA-3 (256-bit), bcrypt (192-bit) and PBKDF2 (256-bit). The methods of bcrypt, scrypt and PBKDF2 use a number of rounds, and which significantly reduce the hashing rate. This makes the hashing processes much slower, and thus makes the cracking of hashed passwords more difficult. We will also investigate the key hash cracking tools such as Hashcat and John the Ripper. Open up your Ubuntu instance within vsoc.napier.ac.uk and conduct this lab. @@ -10,7 +10,7 @@ Demo: [here](https://youtu.be/rnTLr6iUbf0) If required, you can check the hashing methods here: https://asecuritysite.com/encryption/js10 ## A Hashing -In this section we will look at some fundamental hashing methods. +In this section, we will look at some fundamental hashing methods. ### A.1 Using (either on your Windows desktop or on Ubuntu): @@ -68,7 +68,7 @@ SHA-384 hex chars: SHA-512 hex chars: -How does the number of hex characters relate to the length of the hash signature? +How does the number of hex characters relate to the length of the hash value? ### A.4 @@ -150,6 +150,12 @@ Also, if you want to remove the hashed password you have already cracked, you ca rm .hashcat\hashcat.potfile ``` +Otherwise, you can use the --show option to show previously cracked hashes: + +``` +hashcat --show +``` + ### B.2 On Ubuntu, next create a word file (words) with the words of “napier”, “password” “Ankle123” and “inkwell” From b335dea7b020e0036702113a2fdca25e1151491d Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Sun, 15 Feb 2026 19:37:57 +0000 Subject: [PATCH 3/4] Clean up print statements in README example Remove unnecessary print statement before displaying decrypted message. --- unit04_public_key/lab/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/unit04_public_key/lab/README.md b/unit04_public_key/lab/README.md index 7d8d4b4..102dd18 100644 --- a/unit04_public_key/lab/README.md +++ b/unit04_public_key/lab/README.md @@ -103,7 +103,6 @@ privKeyObj = RSA.importKey(binPrivKey) cipher = PKCS1_OAEP.new(privKeyObj) message = cipher.decrypt(ciphertext) -print print ("====Decrypted===") print ("Message:",message) ``` From cde68cb22b781825fcac1a7e6007836fb24adf90 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Sun, 15 Feb 2026 20:16:21 +0000 Subject: [PATCH 4/4] Update README with AI usage restrictions Added restrictions on the use of AI and online sources during the test. --- z_assessments/test01/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/z_assessments/test01/README.md b/z_assessments/test01/README.md index 7a35a54..98da2bb 100644 --- a/z_assessments/test01/README.md +++ b/z_assessments/test01/README.md @@ -7,7 +7,7 @@ There will be four main questions in the exam: Symmetric Key (Unit 1), Hashing ( Some test details are: -* It is an open book test. +* It is an open book test. No use of GenAI mode in browsers. * No copying and pasting is allowed for the questions, and answers will be checked against on-line sources for copying. * No use of chat/AI bots. * A copied answer is likely to be graded with a score of zero, and copying and pasting from on-line content could be highlighted for an issue.