2.2 Authentication and Hashing

Week 2 Day 2 - Authentication and Hashing

Last Update Unknown

Hash Types

The MD5 hashing algorithm produces a 128-bit signature (digest).

The SHA-1 hashing algorithm produces a 160-bit signature (digest).


Hash Signature: A hash signature is computed for a file so that the file can later be checked to see whether it has been changed.

A digital certificate carries a SHA-1 hash thumbprint (3f6a...89) which is checked; if the thumbprint is different, the certificate is treated as invalid.

Hashing suffers from dictionary attacks, where the signatures of well-known words are precomputed and stored in a table, and the attacker simply looks up a captured signature in that table.

Hence it is important that passwords are not standard dictionary words.


Other hash methods

LM Hash

LM Hash. LM Hash is used in many versions of Windows to store user passwords that are fewer than 15 characters long.


Bcrypt

Bcrypt. This creates a hash value which includes a salt.


SHA-3

SHA-3 is a hash function that was developed to replace MD5 and SHA-0, which have been shown to be susceptible to attacks, and SHA-1, against which there are theoretical attacks.


RIPEMD

RIPEMD is a family of 128-bit, 160-bit, 256-bit and 320-bit cryptographic hash functions used in TrueCrypt, and is open source. The 160-bit version (RIPEMD-160) is seen as an alternative to SHA-1, and is part of ISO/IEC 10118.


Tiger

Tiger is a 192-bit hash function which is often used by clients within Gnutella file sharing networks, and does not suffer from the known attacks on MD5 and SHA-0/SHA-1. Tiger2 is a variant in which the message is padded with a byte of 0x80 (in a similar way to MD4, MD5 and SHA), whereas in Tiger it is 0x01. Otherwise the two methods are the same in their operation.


Murmur

The Murmur hash is a non-cryptographic hash function which provides a good balance between performance and CPU utilisation and is used for general hash-based lookups. It also performs well in terms of hash collisions.


FNV

FNV (Fowler–Noll–Vo) is a 64-bit non-cryptographic hash function.


Salting

A salt is random data that is used as an additional input to a one-way function that hashes data, a password or a passphrase. Adding a salt increases the range of possible signatures for a given password.
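As an added example (not from the original notes), the following Python contrasts the lookup-table dictionary attack described above, run against unsalted MD5 signatures of a constructed word list, with salted storage and verification. PBKDF2-HMAC-SHA256 from hashlib stands in for bcrypt here, and all function names are my own.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the attacker's table of well-known words.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "monkey", "football"]

def build_lookup_table(words):
    """Precompute the unsalted MD5 signature of every word once: signature -> word."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def dictionary_lookup(table, signature_hex):
    """A dictionary attack against unsalted storage is a single table lookup."""
    return table.get(signature_hex)

def store_password(password, salt=None, iterations=100_000):
    """Salted, iterated hash for storage (PBKDF2-HMAC-SHA256 stands in for bcrypt)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify_password(record, candidate):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])

def demo():
    table = build_lookup_table(WORDLIST)
    # Unsalted storage: a common word is recovered by lookup alone, no hashing needed.
    recovered = dictionary_lookup(table, hashlib.md5(b"dragon").hexdigest())
    # Salted storage: two users with the same password get different signatures,
    # so a single precomputed table cannot be reused against either of them.
    alice, bob = store_password("dragon"), store_password("dragon")
    return {
        "recovered": recovered,
        "same_signature": alice["hash"] == bob["hash"],
        "alice_ok": verify_password(alice, "dragon"),
        "alice_wrong": verify_password(alice, "dragons"),
    }
```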


Collisions

Major factors with hash signatures are:


  • Collision. This is where another match is found, no matter the similarity of the original message. This can be defined as a collision attack.
  • Similar context. This is where part of the message has some significance to the original, and generates the same hash signature. This can be defined as a pre-image attack. This is really bad, because it indicates that the hash function does not do a good job of hashing similar messages.
  • Full context. This is where an alternative message is created with the same hash signature, and has a direct relation to the original message. This is an extension of a pre-image attack.

Password Brute Force

Cracking speed: 100 billion guesses per second (100E9/s)


8 characters from [a-zA-Z] … how many?

• Ans: 52^8 = 53,459,728,531,456

• Time to crack: 52^8 / 100E9 ≈ 534.597 s; 534.597 / 2 / 60 ≈ 4.45 (halved for the average case, then converted to minutes)

4.45 minutes (on average)


8 characters from [a-zA-Z!@#$%^&*()] … how many?

• Ans: 62^8 = 218,340,105,584,896

• Time to crack: 62^8 / 100E9 ≈ 2,183.401 s; 2,183.401 / 2 / 60 ≈ 18.195

18.20 minutes (on average)


8 characters from [a-zA-Z!@#$%^&*()0-9] … how many?

• Ans: 72^8 = 722,204,136,308,736

• Time to crack: 72^8 / 100E9 ≈ 7,222.041 s; 7,222.041 / 2 / 60 ≈ 60.183

60 minutes (on average)
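The three calculations above generalised into a small Python helper (an added example, not part of the original notes): it expands a character-class string such as [a-zA-Z!@#$%^&*()0-9] to its size, computes the keyspace, and derives the average crack time at the notes' 100E9 guesses/s rate. It goes one step beyond the notes with length_for_target, which asks the reverse, policy-setting question of how long a password must be for the average crack time to exceed a chosen target; the function names are my own.

```python
RATE_PER_SECOND = 100e9   # the notes' cracking speed: 100 billion guesses per second

def charset_size(spec):
    """Count the distinct characters in a class like '[a-zA-Z!@#$%^&*()0-9]'.
    Ranges such as a-z are expanded; every other character is taken literally."""
    body = spec[1:-1] if spec.startswith("[") and spec.endswith("]") else spec
    chars = set()
    i = 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":          # a range like a-z
            chars.update(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
            i += 3
        else:
            chars.add(body[i])
            i += 1
    return len(chars)

def keyspace(spec, length):
    """Number of candidate passwords: charset size raised to the password length."""
    return charset_size(spec) ** length

def crack_minutes(spec, length, rate=RATE_PER_SECOND, average=True):
    """Minutes to search the keyspace at `rate` guesses/s; on average half of it is tried."""
    seconds = keyspace(spec, length) / rate
    if average:
        seconds /= 2
    return seconds / 60

def length_for_target(spec, target_minutes, rate=RATE_PER_SECOND):
    """Smallest password length whose average crack time reaches `target_minutes`."""
    length = 1
    while crack_minutes(spec, length, rate) < target_minutes:
        length += 1
    return length

if __name__ == "__main__":
    for spec in ("[a-zA-Z]", "[a-zA-Z!@#$%^&*()]", "[a-zA-Z!@#$%^&*()0-9]"):
        print(f"{spec:24s} {charset_size(spec):3d} chars  8-char keyspace "
              f"{keyspace(spec, 8):,}  avg {crack_minutes(spec, 8):.2f} min")
    print("length needed for a one-year average with the full set:",
          length_for_target("[a-zA-Z!@#$%^&*()0-9]", 365 * 24 * 60))
```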


Message authentication codes (MACs)

The three states of data

  • Data in transit
    • The internet
    • A wireless connection
  • Data in use
    • In memory
    • Other caches
  • Data at rest
    • In the cloud
    • In a hard disk or database


All of the above are insecure mediums. Depending on the application, data may need to be authenticated in each of these states.


The receiver recomputes the HMAC over the received message and checks it against the HMAC that was sent; if they match, the sender is validated and the message is confirmed as unaltered.
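The sender/receiver exchange described above as working Python (an added example, not the notes' own code): the sender appends an HMAC-SHA256 tag to the message, and the receiver recomputes the tag over what arrived and compares it with the received tag in constant time. The key and message values are constructed, and protect/verify are names of my own choosing.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes for HMAC-SHA256

def generate_key():
    """Constructed stand-in for a secret shared by sender and receiver out of band."""
    return os.urandom(32)

def protect(key, message):
    """Sender: append HMAC-SHA256(key, message) so the receiver can check origin and integrity."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag

def verify(key, frame):
    """Receiver: split off the received tag, recompute it over the message, and compare in
    constant time. Returns the message only if it is authentic, otherwise None."""
    if len(frame) < TAG_LEN:
        return None
    message, received_tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(expected, received_tag) else None

def demo():
    key = generate_key()
    frame = protect(key, b"transfer 100 to account 42")      # constructed sample message
    genuine = verify(key, frame)                               # authentic: message returned
    # The message is altered in transit but the old tag is kept: verification fails.
    altered = verify(key, b"transfer 900 to account 42" + frame[-TAG_LEN:])
    # A party without the shared key cannot validate (or produce) a tag for this message.
    other_key = verify(os.urandom(32), frame)
    return genuine, altered, other_key
```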


Rainbow Tables

A rainbow table is a pre-computed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes.

  • The rainbow table does not need to store all inputs/outputs
  • Just the start-points and end-points of each chain
  • The longer the chains, the less storage is needed … yet more calculations are needed to find a matching endpoint
    • That's why it's called a space/time trade-off
  • The end result is millions of times faster than pure brute-force
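A toy rainbow table, added here as an example and not part of the original notes, built over a constructed keyspace of three lowercase letters with MD5: only the start-point and end-point of each chain is stored, and a lookup recomputes chain steps from the target until it reaches a stored end-point, which is the space/time trade-off the bullets describe. The names encode, H, R, build_table and lookup are my own, and the start points are constructed.

```python
import hashlib
import string

ALPHABET, LENGTH, CHAIN_LEN = string.ascii_lowercase, 3, 20   # 26**3 = 17,576 passwords
KEYSPACE = len(ALPHABET) ** LENGTH

def encode(n):
    """Map an integer in [0, KEYSPACE) to a password string (least significant letter first)."""
    return "".join(ALPHABET[(n // len(ALPHABET) ** k) % len(ALPHABET)] for k in range(LENGTH))

def H(password):
    return hashlib.md5(password.encode()).digest()

def R(i, digest):
    """Reduction step i: digest -> password. Varying it with the chain position is what
    distinguishes a rainbow table from plain hash chains (fewer merged chains)."""
    return encode((int.from_bytes(digest, "big") + i) % KEYSPACE)

def build_table(start_points, chain_len=CHAIN_LEN):
    """Keep only end-point -> start-points; every intermediate value is recomputed on demand."""
    table = {}
    for start in start_points:
        x = start
        for i in range(chain_len):
            x = R(i, H(x))
        table.setdefault(x, []).append(start)     # chains that merged share an end-point
    return table

def lookup(table, target, chain_len=CHAIN_LEN):
    """Return a password hashing to `target`, or None if no stored chain covers it."""
    for j in range(chain_len - 1, -1, -1):        # guess that target sits at position j
        x = R(j, target)
        for k in range(j + 1, chain_len):          # walk forward to the chain's end-point
            x = R(k, H(x))
        for start in table.get(x, ()):             # end-point known: rebuild from its start
            y = start
            for i in range(chain_len):
                if H(y) == target:
                    return y
                y = R(i, H(y))                     # not at this position: keep walking
    return None

def demo():
    starts = [encode(i * 37) for i in range(400)]              # constructed start points
    table = build_table(starts)
    secret = R(2, H(R(1, H(R(0, H(starts[5]))))))             # lies at position 3 of chain 5
    return {"stored": sum(len(v) for v in table.values()), "keyspace": KEYSPACE,
            "secret": secret, "found": lookup(table, H(secret))}
```

The stored count (400 entries) against the 17,576-password keyspace is the space saving; the nested loops in lookup are the time paid for it.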

Biometrics

Users must adopt and trust the biometric method.


Acceptability

The acceptability of capturing a biometric sample may depend on culture, religion, age, environment, gender as well as the particular biometric method.


Distinctiveness

Distinctiveness is how unique the biometric trait is between individuals, which determines the reliability of identification.


Permanence

The biometric trait of an individual should be sufficiently invariant over time with respect to a given matching algorithm. Typical problems might be changes of hair length, over a short time, and, over a long time, skin flexibility.


Collectability

Collectability measures how easy it is to acquire a characteristic to authenticate a user with. Fingerprints, for example, are relatively easy to acquire, and so are very commonly used.


Performance

Performance is the accuracy of identification, which is typically matched to the requirement. For example, law enforcement typically requires a high level of performance, while network access can tolerate relatively low performance levels.


Universality

Universality is using a biometric characteristic which is present in the majority of people the system will be used for and relates to human features which translate to physical characteristics such as fingerprints, iris layout, vein structure, DNA, and so on.


Biometric Methods

DNA

This involves matching the DNA of the user, and is obviously one of the best methods of authentication, but has many legal/moral issues. It is typically only used in law enforcement applications, and also suffers from the fact that other information can be gained from DNA samples, such as medical disorders. It is also costly as a biometric method, but it is by far the most reliable. Also, the time to sample and analyse is fairly slow, taking at least 10 minutes to analyse. Finally, the methods used to obtain the DNA, such as from a tissue or blood sample, can be fairly invasive, but newer methods use hair and skin samples, which are less invasive.


Fingerprints

This involves scanning the finger for unique features, such as ridge endings, sweat pores, and the distance between ridges, and comparing them against previous scans. It is one of the most widely used methods, and is now used in many phones and laptops for user authentication. Unfortunately, the quality of the scan can be variable, such as for: dirty, dry or cracked skin; pressure or alignment of the finger on the scanner; and surface contamination. The main methods used include thermal, optical, tactile capacitance, and ultrasound.


Iris Scanning

  • One of the best methods of authentication.
  • Everyone has a unique iris, which is fairly complex in its pattern.
  • Key characteristic marking such as the corona, filaments, crypts, pits, freckles, radial furrows and striations.
  • Extremely difficult to trick the system.
  • Affected by glasses, which reduce the quality of the image.
  • Moral issues associated with this method.
  • Fairly costly to implement.
  • Fairly invasive in its usage, where the user must peer into a special sensor machine.
  • Accuracy obviously depends on the resolution of the scanner, and the distances involved.


Retina Scan

  • Shines a light into the eye.
  • Analyses the blood vessels at the back of the eye for a specific pattern.
  • Good method of authenticating users.
  • Needs careful alignment for reliable scans.
  • May cause some long term damage to the eye.


Face Recognition

  • Captures a 2D or 3D image of the face and performs pattern matching to determine the likeness to a known face.
  • Optical scanning, also can be infrared (thermal) scanning.
  • Distance between the eyes, width of forehead, size of mouth, chin length, and so on.
  • Suffers from permanence factors that cause the face to change, such as facial hair, glasses, and obviously, the position of the head.
  • Remote scanning and unobtrusive sensor.
  • Poor match the further the face is away from the scanner.


Hand Geometry

  • 2D or 3D image is taken of the hand.
  • System measures key parameters, such as the length of the fingers, the position of the knuckles, and so on.
  • One of the most widely used methods.
  • One of the most acceptable from a user point-of-view.
  • Can be inaccurate, and thus should only be used in low to medium risk areas.
  • Typically contactless, and can handle fairly high volumes of users.
  • Main application is typically in building/room access.


Vein pattern

  • Scans the back of a hand when it is making a fist shape.
  • The vein structure is then captured using infrared light.
  • Finger vein recognition is a considerable enhancement to this (where the user inserts their finger into a scanner).
  • Produces good results for accurate recognition.


Voice Recognition

  • Analysing speech against a known pattern for a user.
  • Resonance in the vocal tract, and the shape and size of the mouth and nasal cavities give a fairly unique voice print.
  • Used with a limited range of words, such as for passwords or pass phrases.
  • Can be used remotely, especially in telephone applications.
  • Degrades with background noise, along with changes to a user's voice, such as when they have a cold, or when they've been over exercising their voice.


Keystroke

  • Analysing the keystrokes of a user, for certain characteristics, such as typing speed, typical typing errors, time between certain keys, and so on.
  • One of the least liked authentication methods, and also suffers from changes of behaviour, such as for fatigue and distractions.
  • Can be matched-up with other behavioural aspects to more clearly identify the user, such as in matching up their mouse strokes, applications that they run, and so on.


Others

  • Ear shape. Analyses the shape of the ear, and has not been used in many applications. It is normally fairly obtrusive, and can involve the user posing in an uncomfortable way.
  • Body odour. Analyses the body odour of a user, for the chemicals they emit (known as volatiles), from non-intrusive parts of the body, such as from the back of the hand.
  • Personal signature. Analyses the signing process of the user, such as the angle of the pen, the time taken for the signature, the pen pressure, the number of times the pen is lifted, and so on.