Chapter 14 - 03 - Discuss Various Hash Functions and Cryptography Tools - 02_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Cryptography

HMAC
The hash-based message authentication code (HMAC) is a type of
message authentication code (MAC) that makes use of a cryptographic
key in combination with a cryptographic hash function

EEEEEN
This algorithm includes an embedded hash function such as
SHA-1 or MD5

The strength of HMAC depends on the embedded hash function,
key size, and the size of the hash output

As the HMAC executes the underlying hash function twice, it protects
the data from various length extension attacks

HMAC
Hash-based message authentication code (HMAC) is a type of message authentication code
(MAC) that uses a cryptographic key along with a cryptographic hash function. It is widely used
to verify the integrity of data and authentication of a message. This algorithm includes an
embedded hash function such as SHA-1 or MDS5. The strength of HMAC depends on the
embedded hash function, key slize, and size of the hash output.
HMAC includes two stages for computing the hash. The input key is processed to produce two
keys, namely the inner key and the outer key. The first stage of the algorithm inputs the inner
key and message to produce an internal hash. The second stage of the algorithm inputs the
output from the first stage and outer key and produces the final HMAC code.
As HMAC executes the underlying hash function twice, it offers protection against various
length extension attacks. The size of the key and the output depends on the embedded hash
function, e.g., 128 or 160 bits in the case of MD5 or SHA-1, respectively.

Module 14 Page 1676 EG-Council
Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Modes of Authenticated Encryption
o| —
QO Modes of authenticated encryption ensure the integrity and confidentiality of transmitted
0O.'_ ==
messages and rectifies the problem of chosen ciphertext attacks e———

Authenticated Encryption with Message
IMlessage :' Authenticated Encryption with
Authentication Code (IVIAC)
(IMIAC) i' Associated Data (AEAD)

» The message authentication code (MAC) is a » AEAD is another approach used to ensure the
value obtained by hashing a plaintext v integrity and authenticity of a message
message using a shared secret key
» This approach adds additional data to the
= Encrypt-then-MAC (EtM) : ciphertext at certain places to thwart chosen
ciphertext attacks
= Encrypt-and-MAC (E&M)

** MAC-then-encrypt (MtE)
MAC-then-encrypt (MtE) %
E
i_ ¢¢

Copyright © by E.L All Rights Reserved. ReproductionIs Strictly Prohibited.
Prohibited

Modes of Authenticated Encryption
Authenticated encryption (AE) modes of operation provide integrity and confidentiality for a
transmitted message. In any cipher mode of operation, encryption/decryption is possible only
with the shared secret key, preventing man-in-the-middle (MITM) attacks. However, the
attacker can perform a chosen ciphertext attack to crack the encryption schema. The AE
schema rectifies the problem of chosen cipher attacks. In AE modes, the ciphertext is combined
with a message authentication code (MAC). Therefore, choosing a part in the ciphertext is not
possible, and the AE scheme rejects improper ciphertexts while decrypting.
Authenticated encryption with Message Authentication Code (MAC)
A MAC is a value obtained by hashing a plaintext message using a shared secret key. It provides
integrity for the message, and the receiver can verify the message using the hash value
attached to it. The following are the three different ways of using a MAC while encrypting a
message.
= Encrypt-then-MAC (EtM)
In this approach, the plaintext is first encrypted using a secret key. For the obtained
ciphertext, a hash value called message authentication code (MAC) is generated. The
MAC is attached to the ciphertext and transmitted. This approach provides higher
security for the transmitted message than other AE approaches.
* Encrypt-and-MAC (E&M)
In the E&M approach, a MAC is first generated for the plaintext, following which the
plaintext is encrypted using a secret key. Finally, both the ciphertext and MAC are
combined and transmitted.

Module 14 Page 1677 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

= MAC-then-encrypt (MtE)
In the MtE approach, a MAC is first generated for the plaintext using the hash function,
and the MAC is combined with the plaintext. The combination of the plaintext and MAC
is encrypted with a secret key to produce ciphertext. The ciphertext contains the
encrypted MAC.

Authenticated Encryption with Associated Data (AEAD)
AEAD is another approach used to ensure the integrity and authenticity of a message that
contains both encrypted and unencrypted data. This approach adds additional data to the
ciphertext at certain places to thwart chosen ciphertext attacks. The message header is kept
unencrypted so that the receiver can verify the source of the message, and the payload is
encrypted to ensure confidentiality.

Module 14 Page 1678 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

IMDS5 and MD6
MDS5 Hash Calculators
MDS
DS Calculator
- MD6 Hash Generator

0 06
MDS Calculator
2 MDS - X https://www.browserling.com
https://www.browserling.com

- — T
File Tool:
Tools Help

Fie Name :
[|CCTsers A Desktco
\Users\Admin' maseaic(1
Deaktcp'md Scaic(1 00 0.0)
0.0) mama |]. v=0 w ,
=
(G ] All Hash Generator

OO0
Lo ] ' https://www.browserling.com
https://www.browserling.com
MDS Digest
MD5 Digest Compare
Compare To
To ‘
‘
[Frrtitecdecatsitenicesia
[543a8108cdecab 05186771 Tec 5ot | | ] _A_.
][[] Upper cae
case
B.
(2] Mashityfiles
[£] MashAtyFiles --
MD6 Hash Generator
0Q Xb4 https://convert-tool.com
https://convert-tool.com
Fde Edt View Optons Help
e — |= -
hitps.//www. builzip.com
htps//www. bullzip.com VTNaouwdS 0 | LB - lfl NN A*
Fiename
Flename D5
MD5 SHAY
SHAY cren
CRCR A|~
£13076-6123-1-SMpat
=] 3076-6123-1-SM paf |437T10¢et9
11129457 0eafe3ba0bES!
A3TT19¢ef9111254570eale3ba0bES! 6211145957441cc0BABAD5203NaN000e
E2111d5057481¢c060ELb5293 ol 40500199195 cicdDed
cocdDedf
(%]5] 190627190627-habc-wins-a...
hbc-warns-a... |HeeabTds102000c1256400cR26M0d
|Heeab Td%402000¢ 125044082630 140dTeeTadadi0ela MR0BISICCILe2
14307 e Ta3a 532600 5165088 M1
S cC 14e2 1513 27448063
2744503 mdS
md5 hash
hash generator
generator
& futureintemet-11-0C0...
%] futureintemet-11-000... [a7cecci2e3919374ef30250603db1
a7cecci2e3519374ef30250b03d BT 22200062533443 30680950007 T4c66MTc...
222000423)54d33060099a00cadTc TcEENTc... 6oa5Tdan
62257400 https://onlinehashtools.com
https://onlinehashtools.com
fluhMy
nuhMy o& Heristayout
Heriztayout prgg cdd1110137a817606324027228000849
cdd}1101372517606324027228300049 JeIbSTRARAL0BAH2AILAISA
JeIbSTRa0LS00AI2ILAIIA 10 1 20cefS,,
1401 240cefS.., 678005
67E0beS]
Fil ]] VOTE_01UOTE_01,02 2016 P5....
02 2016 PS.... |603049637730970760d307b2177024...
|6039496377399707e04397b217702d... $1ecf6203b9a5b8b8C102b12d90catde
$1edf620305a5b3b8 1l T4...
1020 12390cabdc 1074, 3691750¢
3691750
Files
es &] imgpsh_mobile_save.... |aTbabbbdtc2a88tba 0eedsdi0cel7...
0eedadi0cel7... 2bdSH212T30ebieldc 702002043355 1006084,
2bdSH212T30ebeldcTa20e204335 10060841, 6cHOB