applied-cryptography/appliedcrypto
1
0
Fork 0
mirror of https://github.com/billbuchanan/appliedcrypto.git synced 2026-02-20 13:50:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
appliedcrypto/z_jupyter/03_hashing.ipynb
billbuchanan bd13a9d0cb Labs
2026-02-04 09:47:31 +00:00

481 lines
18 KiB
Plaintext
Raw Permalink Blame History

{
"cells": [
{
"cell_type": "markdown",
"id": "a7782a35",
"metadata": {},
"source": [
"\n",
"# Hashing\n",
"Within hashing methods, we take data in the form of a byte array, and then create a fixed length hash value. For MD5, the length of the hash is 128 bits, for SHA-1 it is 160 bits, and for SHA-256, it is 256 bits. \n",
"\n",
"<img src='graphics/g_hash_01.png' width=\"800px\">\n",
"\n",
"These hashes include MD5, SHA-1 and SHA-256. With MD5 we get a 128-bit output, and which is 32 hex characters:\n",
"\n",
"<img src='graphics/g_hash_02.png' width=\"800px\">\n",
"\n",
"SHA-1 has an output of 160 bits, and SHA-256 has an output of 256 bits. MD5 should not be used in production environments as the method has weaknesses, along with the output hash begin too short. SHA-1, too, has been shown to have weaknesses, and thus we should use SHA-2 methods. These include SHA224, SHA-256, SHA-384 and SHA-512. A newer standard is known as SHA-3. \n",
"\n",
"<img src='graphics/g_hash_04.png' width=\"800px\">\n",
"\n",
"\n",
"## OpenSSL hashing\n",
"OpenSSL can be used to create hash values for SHA1, SHA-256, and other methods. An example for Linux and Windows is [<a href=\"https://asecuritysite.com/openssl/openssl_full2\">here</a>]:\n",
"\n",
"```\n",
"Linux command: echo -n \"Hello\" | openssl dgst -md5\n",
"Windows command: echo | set /p = \"Hello\" | openssl dgst -md5\n",
"\n",
"Message: Hello\n",
"Mode: md5\n",
"========\n",
"MD5d1a7fb5eab1c16cb4f7cf341cf188c3d\n",
"```"
]
},
{
"cell_type": "markdown",
"id": "cd0b8fe6",
"metadata": {},
"source": [
"> Using OpenSSL in the command prompt, or using this site [<a href=\"https://asecuritysite.com/openssl/openssl_full2\">here</a>], determine the hash values SHA-1 and SHA-256 hash values for: \"Edinburgh\" and \"Glasgow\".\n",
"> Do the hash values change when we use \"edinburgh\" and \"glasgow\"?"
]
},
{
"cell_type": "markdown",
"id": "09119c37",
"metadata": {},
"source": [
"## MD5 and SHA-1\n",
"In the following we will use the hashing methods supported by the Hazmat primitive. "
]
},
{
"cell_type": "code",
"execution_count": 23,
"id": "e88c246d",
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Data: Hello\n",
" Hex: 48656c6c6f\n",
"MD5: 8b1a9953c4611296a827abf8c47804d7 ixqZU8RhEpaoJ6v4xHgE1w==\n",
"\n"
]
}
],
"source": [
"# 03_01.py\n",
"from cryptography.hazmat.primitives import hashes\n",
"import binascii\n",
"import sys\n",
"from cryptography.hazmat.backends import default_backend\n",
"\n",
"st = \"Hello\"\n",
"\n",
"try:\n",
" data=st.encode() # Convert to a byte array\n",
"\n",
" digest = hashes.Hash(hashes.MD5(),backend=default_backend())\n",
" digest.update(data)\n",
" res=digest.finalize()\n",
" hexval=binascii.b2a_hex(res).decode() # hex format\n",
" b64val=binascii.b2a_base64(res).decode() # Base64 format\n",
"\n",
"\n",
" print (\"Data: \",st)\n",
" print (\" Hex: \",binascii.b2a_hex(data).decode())\n",
" print (f\"MD5: {hexval} {b64val}\")\n",
"\n",
"except Exception as e:\n",
" print(e)"
]
},
{
"cell_type": "markdown",
"id": "f916c2c0",
"metadata": {},
"source": [
"\n",
"\n",
"> Can you determine the hash value for \"Hello\"?\n",
"\n",
"> Now modify Line 11 in the program below to give SHA1() and also SHA256(). What are the values (list the first two hex characters)?\n",
"\n",
"> What is the length of the hash (in bits) for SHA-1?\n",
"\n",
"> What is the lenguth of the hash (in bits) for SHA-256?"
]
},
{
"cell_type": "markdown",
"id": "ee4c4c0e",
"metadata": {},
"source": [
"Two of the main formats for hashing are hexademical and Base64. In this example, we will use the binascii library to convert our data into a hash value:\n",
"\n",
"<img src='graphics/g_hash_05.png' width=\"800px\">\n",
"\n",
"In this case, we will use other hashing methods such as Blake2, SHA-3, SHA-224, SHA-384 and SHA-512:"
]
},
{
"cell_type": "code",
"execution_count": 24,
"id": "5b576b95",
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Data: hello\n",
" Hex: 68656c6c6f\n",
"\n",
"MD5: 5d41402abc4b2a76b9719d911017c592 XUFAKrxLKna5cZ2REBfFkg==\n",
"\n",
"SHA1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d qvTGHdzF6KLavt4PO0gs2a6pQ00=\n",
"\n",
"SHA224: ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193 6gmunMZ2jFD87pA+0FRVblv8g0eQfxJZiqJBkw==\n",
"\n",
"SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=\n",
"\n",
"SHA384: 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f WeF0h3dEjGnea4ANejO7+5/xtGPkQ1TDVTvNucZm+pASWjx5+QOXvfX2oT3oKGhP\n",
"\n",
"SHA3_224: b87f88c72702fff1748e58b87e9141a42c0dbedc29a78cb0d4a5cd81 uH+IxycC//F0jli4fpFBpCwNvtwpp4yw1KXNgQ==\n",
"\n",
"SHA3_256: 3338be694f50c5f338814986cdf0686453a888b84f424d792af4b9202398f392 Mzi+aU9QxfM4gUmGzfBoZFOoiLhPQk15KvS5ICOY85I=\n",
"\n",
"SHA3_384: 720aea11019ef06440fbf05d87aa24680a2153df3907b23631e7177ce620fa1330ff07c0fddee54699a4c3ee0ee9d887 cgrqEQGe8GRA+/Bdh6okaAohU985B7I2MecXfOYg+hMw/wfA/d7lRpmkw+4O6diH\n",
"\n",
"SHA3_512: 75d527c368f2efe848ecf6b073a36767800805e9eef2b1857d5f984f036eb6df891d75f72d9b154518c1cd58835286d1da9a38deba3de98b5a53e5ed78a84976 ddUnw2jy7+hI7Pawc6NnZ4AIBenu8rGFfV+YTwNutt+JHXX3LZsVRRjBzViDUobR2po43ro96YtaU+XteKhJdg==\n",
"\n",
"SHA512: 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043 m3HSJL1i83hdltRq0+o9czGb+8KJDKra4t/3JRlnPKcjI8PZm6XBHXx6zG4UuMXaDEZjR1wuXDre9G9zvN7AQw==\n",
"\n",
"SHA512_224: fe8509ed1fb7dcefc27e6ac1a80eddbec4cb3d2c6fe565244374061c /oUJ7R+33O/CfmrBqA7dvsTLPSxv5WUkQ3QGHA==\n",
"\n",
"SHA512_256: e30d87cfa2a75db545eac4d61baf970366a8357c7f72fa95b52d0accb698f13a 4w2Hz6KnXbVF6sTWG6+XA2aoNXx/cvqVtS0KzLaY8To=\n",
"\n"
]
}
],
"source": [
"# 03_02.py\n",
"# https://asecuritysite.com/hazmat/hashnew\n",
"from cryptography.hazmat.primitives import hashes\n",
"import binascii\n",
"import sys\n",
"from cryptography.hazmat.backends import default_backend\n",
"\n",
"st = \"hello\"\n",
"hex=False\n",
"showhex=\"No\"\n",
"\n",
"def show_hash(name,type,data):\n",
" digest = hashes.Hash(type,backend=default_backend())\n",
" digest.update(data)\n",
" res=digest.finalize()\n",
" hex=binascii.b2a_hex(res).decode()\n",
" b64=binascii.b2a_base64(res).decode()\n",
" print (f\"{name}: {hex} {b64}\")\n",
"\n",
"if (showhex==\"yes\"): hex=True\n",
"\n",
"try:\n",
"\tif (hex==True): data = binascii.a2b_hex(st)\n",
"\telse: data=st.encode()\n",
"\n",
"\n",
"\tprint (\"Data: \",st)\n",
"\tprint (\" Hex: \",binascii.b2a_hex(data).decode())\n",
"\tprint()\n",
"\n",
"\tshow_hash(\"MD5\",hashes.MD5(),data)\n",
"\tshow_hash(\"SHA1\",hashes.SHA1(),data)\t\n",
"\tshow_hash(\"SHA224\",hashes.SHA224(),data)\n",
"\tshow_hash(\"SHA256\",hashes.SHA256(),data)\n",
"\tshow_hash(\"SHA384\",hashes.SHA384(),data)\n",
"\tshow_hash(\"SHA3_224\",hashes.SHA3_224(),data)\n",
"\tshow_hash(\"SHA3_256\",hashes.SHA3_256(),data)\n",
"\tshow_hash(\"SHA3_384\",hashes.SHA3_384(),data)\n",
"\tshow_hash(\"SHA3_512\",hashes.SHA3_512(),data)\n",
"\tshow_hash(\"SHA512\",hashes.SHA512(),data)\n",
"\tshow_hash(\"SHA512_224\",hashes.SHA512_224(),data)\n",
"\tshow_hash(\"SHA512_256\",hashes.SHA512_256(),data)\n",
"\n",
"except Exception as e:\n",
" print(e)"
]
},
{
"cell_type": "markdown",
"id": "36c0aa30",
"metadata": {},
"source": [
"\n",
"> In this case the input data is \"00\". Can you run the program again, and this time use the data input of \"The quick brown fox jumps over the lazy dog\". Prove that:\n",
"\n",
"* MD5 hash value is \"9e107d9d372bb6826bd81d3542a419d6\"\n",
"* SHA-1 hash value is \"2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\"\n",
"* SHA-256 hash value is \"d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592\"\n",
"\n",
"\n",
"> How many hex characters does MD5, SHA-1 and SHA-256, and how would you determine number of characters used?"
]
},
{
"cell_type": "markdown",
"id": "5d0ef125",
"metadata": {},
"source": [
"## Adding salt\n",
"One problem with hashing methods, is that we get the same hash output for the same input. This can allow an intruder to match the hash to the input string. To overcome this, we can add a salt value to the hashing process. This can be to append or prepend the data onto the input data. We obviously need to store the salt value with the hash value, in order to check a hash. \n",
"\n",
"<img src='graphics/g_hash_08.png' width=\"800px\">"
]
},
{
"cell_type": "code",
"execution_count": 25,
"id": "82ee9a0e",
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Data: hello\n",
" Hex: 68656c6c6f\n",
"\n",
"MD5: bfd9929c0794146bae6dcccb4317e99c v9mSnAeUFGuubczLQxfpnA==\n",
"\n",
"SHA1: 710fd92d6fa82d1851f9691ba48f29124890761d cQ/ZLW+oLRhR+WkbpI8pEkiQdh0=\n",
"\n",
"SHA224: 079bb5febb6d8f6d8cdfdd8e63360aa1803170325ed6738bbf62b189 B5u1/rttj22M392OYzYKoYAxcDJe1nOLv2KxiQ==\n",
"\n",
"SHA256: 5bf84899a6394b4d1ceaf8a28ffe61425a40ddef1a1563321437f8dd388ba0d2 W/hImaY5S00c6viij/5hQlpA3e8aFWMyFDf43TiLoNI=\n",
"\n",
"SHA384: f5b0fd54d84d07531b579030015b699073efec74491cd62d0e78b217465d77a4cdd9ea5974622ceaecb4acd49da2cf0d 9bD9VNhNB1MbV5AwAVtpkHPv7HRJHNYtDniyF0Zdd6TN2epZdGIs6uy0rNSdos8N\n",
"\n",
"SHA3_224: b9473057d8131ff11cf1cffeb5f4bdebe972baa131344a3b86c22030 uUcwV9gTH/Ec8c/+tfS96+lyuqExNEo7hsIgMA==\n",
"\n",
"SHA3_256: 071cdb333657cce85c765a287dbfa3388e430fce8b48b398a08444674965edde BxzbMzZXzOhcdloofb+jOI5DD86LSLOYoIREZ0ll7d4=\n",
"\n",
"SHA3_384: a1f631cb30bdebc5020cfdc0f7fe59dba5702f3c6f0f418bc756c759ae5e645d213ce81810fed5fc3473793d37beff3d ofYxyzC968UCDP3A9/5Z26VwLzxvD0GLx1bHWa5eZF0hPOgYEP7V/DRzeT03vv89\n",
"\n",
"SHA3_512: bf033772d578b5b5f27e7025bf04c57ff752d71517175f20fb48785a1e2b3f9f40e5b1d30a0fee24daeb6f1d61240ab938b772faed649feb9db457387e204c7c vwM3ctV4tbXyfnAlvwTFf/dS1xUXF18g+0h4Wh4rP59A5bHTCg/uJNrrbx1hJAq5OLdy+u1kn+udtFc4fiBMfA==\n",
"\n",
"SHA512: 261e05408898a3afc8d81a8f118a3aee30f04cf110c77087a4fa82a35dcd25fe8cad9e3448f38eb0fcd538ccc91403e61dd72fd57db8ab35b304a3ded7d2ac0b Jh4FQIiYo6/I2BqPEYo67jDwTPEQx3CHpPqCo13NJf6MrZ40SPOOsPzVOMzJFAPmHdcv1X24qzWzBKPe19KsCw==\n",
"\n",
"SHA512_224: 00b5af9dec28d8d3d69cedea1c093eb0568882b62a81f52265e99089 ALWvnewo2NPWnO3qHAk+sFaIgrYqgfUiZemQiQ==\n",
"\n",
"SHA512_256: ba41801fb5b9c05853c4628a0816eacabbe55f767fa040790fcba7d5e60aeec3 ukGAH7W5wFhTxGKKCBbqyrvlX3Z/oEB5D8un1eYK7sM=\n",
"\n"
]
}
],
"source": [
"# 03_03.py\n",
"from cryptography.hazmat.primitives import hashes\n",
"import binascii\n",
"import sys\n",
"from cryptography.hazmat.backends import default_backend\n",
"\n",
"st = \"hello\"\n",
"salt = \"N20\"\n",
"hex=False\n",
"showhex=\"No\"\n",
"\n",
"def show_hash(name,type,data,salt):\n",
" digest = hashes.Hash(type,backend=default_backend())\n",
" digest.update(salt)\n",
" digest.update(data)\n",
" res=digest.finalize()\n",
" hex=binascii.b2a_hex(res).decode()\n",
" b64=binascii.b2a_base64(res).decode()\n",
" print (f\"{name}: {hex} {b64}\")\n",
"\n",
"if (showhex==\"yes\"): hex=True\n",
"\n",
"try:\n",
"\tif (hex==True): data = binascii.a2b_hex(st)\n",
"\telse: data=st.encode()\n",
"\n",
"\n",
"\tprint (\"Data: \",st)\n",
"\tprint (\" Hex: \",binascii.b2a_hex(data).decode())\n",
"\tprint()\n",
"\n",
"\tshow_hash(\"MD5\",hashes.MD5(),data,salt.encode())\n",
"\tshow_hash(\"SHA1\",hashes.SHA1(),data,salt.encode())\t\n",
"\tshow_hash(\"SHA224\",hashes.SHA224(),data,salt.encode())\n",
"\tshow_hash(\"SHA256\",hashes.SHA256(),data,salt.encode())\n",
"\tshow_hash(\"SHA384\",hashes.SHA384(),data,salt.encode())\n",
"\tshow_hash(\"SHA3_224\",hashes.SHA3_224(),data,salt.encode())\n",
"\tshow_hash(\"SHA3_256\",hashes.SHA3_256(),data,salt.encode())\n",
"\tshow_hash(\"SHA3_384\",hashes.SHA3_384(),data,salt.encode())\n",
"\tshow_hash(\"SHA3_512\",hashes.SHA3_512(),data,salt.encode())\n",
"\tshow_hash(\"SHA512\",hashes.SHA512(),data,salt.encode())\n",
"\tshow_hash(\"SHA512_224\",hashes.SHA512_224(),data,salt.encode())\n",
"\tshow_hash(\"SHA512_256\",hashes.SHA512_256(),data,salt.encode())\n",
"\n",
"except Exception as e:\n",
" print(e)"
]
},
{
"cell_type": "markdown",
"id": "c4eac92e",
"metadata": {},
"source": [
"> Verify that the hash value changes for different salt values.\n",
"\n",
"> Rather than a string for the salt value. Can you modify the program, so that it has a random salt value with 16 bytes?"
]
},
{
"cell_type": "markdown",
"id": "9154359d",
"metadata": {},
"source": [
"## Variable length hashes (XOF)\n",
"There are some hashing methods that support a variable number of bytes in the output hash. These include Blake2b, Blake2s, SHAKE128 and SHAKE256:\n",
"\n",
"<img src='graphics/g_hash_07.png' width=\"800px\">"
]
},
{
"cell_type": "code",
"execution_count": 26,
"id": "b04c8f47",
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Data: hello\n",
" Hex: 68656c6c6f\n",
"\n",
"Blake2p (64 bytes): e4cfa39a3d37be31c59609e807970799caa68a19bfaa15135f165085e01d41a65ba1e1b146aeb6bd0092b49eac214c103ccfa3a365954bbbe52f74a2b3620c94 5M+jmj03vjHFlgnoB5cHmcqmihm/qhUTXxZQheAdQaZboeGxRq62vQCStJ6sIUwQPM+jo2WVS7vlL3Sis2IMlA==\n",
"\n",
"Blake2s (32 bytes): 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8997eb00be456f140ca25 GSE7rMWN7m294865pHy7Mws9hvjMqJl+sAvkVvFAyiU=\n",
"\n",
"SHAKE128 (64 bytes): 8eb4b6a932f280335ee1a279f8c208a349e7bc65daf831d3021c213825292463c59e22d0fe2c767cd7cacc4df42dd5f6147f0c5c512ecb9b933d14b9cc1b2974 jrS2qTLygDNe4aJ5+MIIo0nnvGXa+DHTAhwhOCUpJGPFniLQ/ix2fNfKzE30LdX2FH8MXFEuy5uTPRS5zBspdA==\n",
"\n",
"SHAKE256 (64 bytes): 1234075ae4a1e77316cf2d8000974581a343b9ebbca7e3d1db83394c30f221626f594e4f0de63902349a5ea5781213215813919f92a4d86d127466e3d07e8be3 EjQHWuSh53MWzy2AAJdFgaNDueu8p+PR24M5TDDyIWJvWU5PDeY5AjSaXqV4EhMhWBORn5Kk2G0SdGbj0H6L4w==\n",
"\n"
]
}
],
"source": [
"# 03_04.py\n",
"from cryptography.hazmat.primitives import hashes\n",
"import binascii\n",
"import sys\n",
"from cryptography.hazmat.backends import default_backend\n",
"\n",
"st = \"hello\"\n",
"hex=False\n",
"showhex=\"No\"\n",
"\n",
"def show_hash(name,type,data):\n",
" digest = hashes.Hash(type,backend=default_backend())\n",
" digest.update(data)\n",
" res=digest.finalize()\n",
" hex=binascii.b2a_hex(res).decode()\n",
" b64=binascii.b2a_base64(res).decode()\n",
" print (f\"{name}: {hex} {b64}\")\n",
"\n",
"if (showhex==\"yes\"): hex=True\n",
"\n",
"try:\n",
"\tif (hex==True): data = binascii.a2b_hex(st)\n",
"\telse: data=st.encode()\n",
"\n",
"\n",
"\tprint (\"Data: \",st)\n",
"\tprint (\" Hex: \",binascii.b2a_hex(data).decode())\n",
"\tprint()\n",
"\n",
"\tshow_hash(\"Blake2p (64 bytes)\",hashes.BLAKE2b(64),data)\n",
"\tshow_hash(\"Blake2s (32 bytes)\",hashes.BLAKE2s(32),data)\n",
"\tshow_hash(\"SHAKE128 (64 bytes)\",hashes.SHAKE128(64),data)\n",
"\tshow_hash(\"SHAKE256 (64 bytes)\",hashes.SHAKE256(64),data)\n",
"\n",
"except Exception as e:\n",
" print(e)"
]
},
{
"cell_type": "markdown",
"id": "fc4ff412",
"metadata": {},
"source": [
"> Run the program and verify the hashes produced.\n",
"\n",
"> Modify the program so that that we get a hash with 16 bytes, and verify that the length is correct.\n",
"\n",
"> Modify the program so that that we get a hash with 512 bytes, and verify that the length is correct."
]
},
{
"cell_type": "markdown",
"id": "24740fab",
"metadata": {},
"source": [
"## LM and NTLM Hash\n",
"Previous Microsoft Windows systems have used the LM and NTLM hash to store user passwords. The method is supported in the passlib library:"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "c5ad92fc",
"metadata": {},
"outputs": [],
"source": [
"import passlib.hash;\n",
"string=\"hello\"\n",
"print \"LM Hash:\"+passlib.hash.lmhash.encrypt(string)\n",
"print \"NT Hash:\"+passlib.hash.nthash.encrypt(string)"
]
},
{
"cell_type": "markdown",
"id": "680f89f0",
"metadata": {},
"source": [
"> Compute the LM and NTLM hash for \"edinburgh\" and \"glasgow\". How many bytes are in the hash?\n",
"> Observe what happens to the hash when we use an input of \"aaaaaa\", \"aaaaaaa\", \"aaaaaaaa\", and \"aaaaaaaaaaaa\"?"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3 (ipykernel)",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.8.3"
}
},
"nbformat": 4,
"nbformat_minor": 5
}
Reference in New Issue View Git Blame Copy Permalink