CompTIA Security+ (SY0-601): Hashing
This section explains cryptographic hash functions like MD5 and SHA, which produce fixed-length, unique message digests. It also covers important concepts like one-way encryption and collisions, where two different inputs result in the same hash—critical knowledge for understanding data integrity and security verification.
Key Terms
Hash
A one-way cryptographic function which takes an input and produces a unique message digest
MD5
Message Digest 5:
Algorithm that creates a fixed-length 128-bit hash value unique to the in...
Collision
Condition that occurs when two different files create the same hash digest
SHA
Secure Hash Algorithm
SHA1
Algorithm that creates a fixed-length 160-bit hash value unique to the input file
RIPEMD
RACE Integrity Primitive Evaluation Message Digest:
An open-source hash algorithm that crea...
HMAC
Hash-based Message Authentication Code:
Uses a hash algorithm to create a level of assurance as to the integrity and authenticity of a give...
Term | Definition |
---|---|
Hash | A one-way cryptographic function which takes an input and produces a unique message digest |
MD5 | Message Digest 5: Algorithm that creates a fixed-length 128-bit hash value unique to the input file |
Collision | Condition that occurs when two different files create the same hash digest |
SHA | Secure Hash Algorithm: SHA1, SHA2, SHA3 |
RIPEMD | RACE Integrity Primitive Evaluation Message Digest: An open-source hash algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each input file |
HMAC | |
Hashing: Digital Signatures | Digital signatures prevent collisions from being used to spoof the integrity of a message. Digital signatures use either DSA, RSA, ECDSA, or SHA. |
Code Signing | Uses digital signatures to provide an assurance that the software code has not been modified after it was submitted by the developer |
LANMAN (LM Hash) | Original version of password hashing used by Windows that uses DES and is limited to 14 characters |
NT LAN Manager Hash (NTLM Hash) | Replacement for LM Hash that uses RC4 and was released with Windows NT 3.1 in 1993 |
NTLMv2 | Replacement for NTLM Hash that uses HMAC-MD5 and is considered difficult to crack. NTLMv2 is used when you do not have a domain with Kerberos for authentication. |
Hashing Attacks: Pass the Hash | A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plaintext password. Difficult to defend against. Mimikatz: |
Hashing Attacks: Birthday Attack | Technique used by an attacker to find two different messages that have the same identical hash digest. Collision |
Increasing Hash Security: Key Stretching | A technique that is used to mitigate a weaker key by performing multiple processes. WPA, WPA2, PGP, bcrypt, and other algorithms utilize key stretching. bcrypt: Generates hashes from passwords, uses Blowfish to perform multiple rounds of hashing. |
Increase Hash Security: Salting | Adding random data into a one-way cryptographic hash to help protect against password cracking techniques. A “nonce” is used to prevent password reuse. |