Breaking cryptographic hashes is the process of attempting to recover the original information based on the hash.

For example, an attacker may, after breaking into the web application's database, get cryptographic hashes of users' passwords instead of plain text passwords. This is because a properly built web application does not need to store plain text passwords anywhere.

In this situation, the attacker typically tries to break the hashes and restore them back to clear-text passwords. Simply put, this means that the attacker enters random passwords through the hashing algorithm used by the application and compares the resulting hash to the list of hashes that the attacker wants to crack.

This is the simplest but most time-consuming method. The attacker systematically generates possible candidates for the original data, calculates their hashes, and compares the results to the desired hash. This process continues until the correct input is found. The challenge of a brute force attack is the computational power and time it requires, especially when a strong hash function and a long input are used.

Rainbow tables are precomputed tables of hashes that cover a wide range of possible inputs. An attacker can search for the desired hash match in the table, thus finding the original data faster than using brute force method. The weakness of rainbow tables is their high storage requirement and inefficiency against hashes using salt.

A dictionary attack is a type of brute force attack, but instead of trying every possible combination, the attacker uses a predefined list of words. This list includes commonly used passwords, common words, or previously leaked passwords. The effectiveness of a dictionary attack is based on the assumption that users choose passwords that are meaningful and easily remembered, such as pet names, birthdates, or simple combinations like "password".

An attacker typically uses a dictionary as a foundation and adds numbers, special characters, or other common modifications that people may add to make their password more complex. For example, if the dictionary includes the word "password", the attacker may try variations such as "Password1", "password!", or "p4ssw0rd".

Defense mechanisms against breaking hashes

Breaking cryptographic hashes is constantly targeted by evolving attack techniques. Therefore, it is important to understand and apply effective defense mechanisms. Next, let's go through the three most important defense mechanisms that can be used to protect cryptographic hashes: Salting, iteration, and choosing a strong hash algorithm.

Encryption is a technique in which a random set of data is added to the original information before the hashing function is performed. This makes breaking hashes significantly more difficult, as each hash is unique even if the original information is the same.

Let's take as an example user passwords in a database. Without salting, the same password will always produce the same hash. If two users use the same password, their hashes are identical, which exposes them to dictionary attacks. By salting the passwords before hashing, a unique hash is created for each password, so even identical passwords will not produce the same hash.

Iteration is a method in which a hash function is applied multiple times in succession, possibly combined with salting. This increases the computational power and time required for an attack.

PBKDF2 (Password-Based Key Derivation Function 2) and bcrypt are examples of iteration-based functions used for storing passwords. They perform a hash function thousands or even millions of times, making brute-force attacks impractical.

By using modern, approved, and tested hashing functions, such as SHA-256 or SHA-3, the risk of vulnerabilities can be reduced. Older hashing functions, such as MD5 and SHA-1, have proven to be quite weak.

This website uses cookies to enhance your browsing experience. By clicking "Accept" you agree to the use of cookies. 

Use the attacker's machine and crack the hash value of the task using a dictionary attack.

You can then use the John (John the Ripper) tool to crack the hash. In the path /usr/share/wordlists/rockyou.txt there is a password list with a bunch of different passwords.

 file contains the hash value in question. You can create the hash.txt file as follows:

Hash cracking

## What is cracking cryptographic hashes?

Breaking cryptographic hashes is the process of attempting to recover the original information based on the hash.

For example, an attacker may, after breaking into the web application's database, get cryptographic hashes of users' passwords instead of plain text passwords. This is because a properly built web application does not need to store plain text passwords anywhere.

In this situation, the attacker typically tries to break the hashes and restore them back to clear-text passwords. Simply put, this means that the attacker enters random passwords through the hashing algorithm used by the application and compares the resulting hash to the list of hashes that the attacker wants to crack.

---

## Methods of Breaching

### Brute Force Attack

This is the simplest but most time-consuming method. The attacker systematically generates possible candidates for the original data, calculates their hashes, and compares the results to the desired hash. This process continues until the correct input is found. The challenge of a brute force attack is the computational power and time it requires, especially when a strong hash function and a long input are used.

### Rainbow tables

Rainbow tables are precomputed tables of hashes that cover a wide range of possible inputs. An attacker can search for the desired hash match in the table, thus finding the original data faster than using brute force method. The weakness of rainbow tables is their high storage requirement and inefficiency against hashes using salt.

### Dictionary Attacks

A dictionary attack is a type of brute force attack, but instead of trying every possible combination, the attacker uses a predefined list of words. This list includes commonly used passwords, common words, or previously leaked passwords. The effectiveness of a dictionary attack is based on the assumption that users choose passwords that are meaningful and easily remembered, such as pet names, birthdates, or simple combinations like "password".

An attacker typically uses a dictionary as a foundation and adds numbers, special characters, or other common modifications that people may add to make their password more complex. For example, if the dictionary includes the word "password", the attacker may try variations such as "Password1", "password!", or "p4ssw0rd".

---

## Defense mechanisms against breaking hashes

Breaking cryptographic hashes is constantly targeted by evolving attack techniques. Therefore, it is important to understand and apply effective defense mechanisms. Next, let's go through the three most important defense mechanisms that can be used to protect cryptographic hashes: Salting, iteration, and choosing a strong hash algorithm.

### Encryption (Salting)

Encryption is a technique in which a random set of data is added to the original information before the hashing function is performed. This makes breaking hashes significantly more difficult, as each hash is unique even if the original information is the same.

Let's take as an example user passwords in a database. Without salting, the same password will always produce the same hash. If two users use the same password, their hashes are identical, which exposes them to dictionary attacks. By salting the passwords before hashing, a unique hash is created for each password, so even identical passwords will not produce the same hash.

```python
salt = random_string()
hashed_password = hash_password(password + salt)
```

### Iteration (Key Stretching)

Iteration is a method in which a hash function is applied multiple times in succession, possibly combined with salting. This increases the computational power and time required for an attack.

PBKDF2 (Password-Based Key Derivation Function 2) and bcrypt are examples of iteration-based functions used for storing passwords. They perform a hash function thousands or even millions of times, making brute-force attacks impractical.

### Strong Hash Functions

By using modern, approved, and tested hashing functions, such as SHA-256 or SHA-3, the risk of vulnerabilities can be reduced. Older hashing functions, such as MD5 and SHA-1, have proven to be quite weak.

This website uses cookies to enhance your browsing experience. By clicking "Accept" you agree to the use of cookies. [Learn more](/privacy-policy)

### Task

Use the attacker's machine and crack the hash value of the task using a dictionary attack.

```
echo '3fc0a7acf087f549ac2b266baf94b8b1' > hash.txt
```

You can then use the John (John the Ripper) tool to crack the hash. In the path /usr/share/wordlists/rockyou.txt there is a password list with a bunch of different passwords.

Note. The *hash.txt* file contains the hash value in question. You can create the hash.txt file as follows:

```sh
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
```

@exercise 3667428d294f

@exercise 1398f6272601


Cracking Hashes: How Does It Work?

From the history of cryptography to current use, the basics of encryption, technologies, applications and their impact on security.

Welcome to Hakatemia's cryptography course!

In this course, we will go through the basics of cryptography, the most important encryption algorithms, and their modern applications. The course is beginner-friendly and practical.

The goal is that after the course you will know what cryptography is, what it is used for, and how to choose the right encryption techniques and settings for different purposes.

Cracking Hashes: How Does It Work?

What is cracking cryptographic hashes?

Learn to hack — start here