New to Wilders-Looking for some information on SHA-2

Discussion in 'privacy technology' started by om2180, Mar 7, 2012.

Thread Status:
Not open for further replies.
  1. om2180

    om2180 Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    2
    Location:
    USA
    Hello all!

    I am completely new to Crypto of ANY kind. I am actually in the Security + class as I am typing this learning about Crypto which is what led me to this site. I am looking for information on using SHA-2 and where I can get it and maybe a little information on application? Any information will help. Thanks!
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Is this specifically for the security+ exam? The certification test for the sec+ won't really dive deep into algorithms and hashing other than the high level overview of them. Such as when they are appropriate to use. The test isn't as exhaustive as the CISSP or skill experience heavy as an OSCP.

    A book or two I'd recommend for someone studying for the security+ would be:

    CompTIA Security+ Study Guide: Exam SY0-301, 5th Edition
    Eleventh Hour Security+: Exam SY0-201 Study Guide

    Both those would compliment a class nicely for the exam and will allow you to bring it all together for someone just starting in this field.

    To answer your question SHA-2 was developed by the U.S government and consists of four hash functions SHA-224, SHA-256, SHA-384, and SHA-512. In terms of real world application SHA-2 is used by many security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME etc. It can be used to verify message integrity, indexing, fingerprinting, the list goes on and on. Also keep your eyes out for SHA-3 in the not too distant future.

    How much knowledge do you have in regards to hashing and cryptographic hash functions in general ? I'd be more than happy to help you learn. You can also find free tools online which will give you examples of message hashing in real time and step by step guides on how-to's.
     
  3. om2180

    om2180 Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    2
    Location:
    USA
    Excellent! thank you for your help! I am testing out this week but the reason why I was asking was because I am interested in it so if you have a way for me to learn more about it all I would greatly appreciate that yes.
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Fair enough, if you want to get down to the very dirty technical details of SHA-2 best to go to the source (FIPS 180-2 standard). *Fair warning you may need a strong pot of coffee. Though that will give you information overload on SHA.

    From a more basic view a cryptographic hash function is a series of operations over an input message of arbitrary length, producing an output of fixed length. (This would be the hash or also known as message digest). For cryptographic hashing it should be easy to compute a hash function from a message one way, but just having a hash value alone would be infeasible to find the message that produced that value. Further, given one message it should be infeasible to find a second message producing the same message digest (unfortunately this isn't always the case, see collision attacks). Using a hashing function it should be infeasible to modify a message without modifying its hash value. Let me throw this into an example below:

    Say I want to send you a message, "om2180 is a great person" though you want to make sure no one intercepted this message and changed it. Me using my 1337 IT skills run this message through a SHA-256 (SHA-2) hash function and I get:

    3b272c87d18ba3de07ae434fc7261c057c150018c13e6c5ef15a82e7d1f45440

    I send this function output to you along with my message. You then run my received message through your own SHA-256 generator and compare the results. Lets say Mallory intercepted our message and changed "om2180 is a great person" to "om2180 is a horrible person" and sent this along to you. When you ran the message through your own SHA-256 generator you would get:

    92841650a15a408dcff8eef9edc920ad7143a601621903d909447cd6bb1f43fb

    as you can see modifying the message modifies the output. This is why hashing is used in security and many of your official updates to programs are "signed" to show if any modification is done. (Granted there is more involved in digital signatures) This process is usually automatic with the aid of programs though can be done manually. Hope this helps.
     
  5. qwerq

    qwerq Registered Member

    Joined:
    Apr 1, 2012
    Posts:
    1
    If you looking to learn, the Wikipedia will be a good start http://en.wikipedia.org/wiki/SHA_2

    If you want to test out the hash result, I had developed an online hashing tool with the aim to make it easy to use. such as to generate the result of SHA-256 on text abc http://qwerq.com/?q=sha256+abc
    For testing other hashing function for SHA-2, can be viewed at qwerq.com/index.pl?q=qwerq+intro#hash then go to section of Cryptographic Hash Function
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    My security+ class reaaaaaaally skimmed crypto. It gave examples, explained symmetric vs asymmetric, and talked a bit about PKI.

    Encrypted Bytes:
    Got this one on sale. Pretty good book, came with a practice exam as well, which was probably the biggest help.

    I'm not sure if you want to learn specifically about SHA or about crypto in general?

    SHA and MD(5 usually) are symmetric cryptographic functions meaning that when you run information into them there is a single key to get information out.

    In other words, if I use MD5 to encrypt a message I set the "key" or "password" to HungryMan. That is the key used to encrypt AND decrypt the message.

    The flip side is asymmetric crypto. In this case you have a message encrypted by HungryMan but it's decrypted by something else entirely. I don't know how much you want ton that, but it's a large part of SSL - the server holds the public key and the user holds a private key.
     
Loading...
Thread Status:
Not open for further replies.