Hash Cracker

DISCLAIMER

Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited, will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.  

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

The act of changing information from one state to another to prevent unintentional interception has been happening for over 2000 years. The earliest know cipher is the Caesar cipher which falls into the category of a substitution-cipher. There are many other cipher categorise such as transposition ciphers, polyalphabetic and symmetric and asymmetric encryption. The simplest to understand is the Caesar cipher because this is just a simple alphabetic shift to the left or the right. The only thing that the recipient needs to know beforehand is how many letters the cipher has shifted and in what direction. The Vigenere cipher is an evolution of the Caesar cipher and uses a keyword to then create the ciphertext. The main purpose of encryption is to create a result (ciphertext) that can also be reversed (2 way mathematical function) or else the data is lost and cannot be returned.

Capture.PNG

Over the years encryption standards have increased in complexity and started to introduce mechanical elements to creating the keyphrase and thus were needed in the decryption process as well. The German Enigma machine was used extensively during WWII and was very successful in creating a cipher that couldn’t be broken. The principle of the Enigma machine was how specific cogs were positioned and when each letter was typed out the cogs rotated and created a new cipher for the next letter. Without a copy of the Enigma machine and the cog layout for that day it was impossible to decrypt any of the messages. It was only until a team (Including Peter Twinn, Alan Turning and Gordon Welchman, all incredibly proficient mathematicians) working at Bletchley Park (the origin of GCHQ) that the Enigma machine was broken on a wide scale. This event was one of the 1st times that a machine was created to break another machine, Colossus vs Engima, and they were both “programmed” in a fashion. This then lead to other technological advancements like the computer and encryption was integrated into these devices from an early stage.

There are 100’s of encryption standards used for different protocols and different requirements. The main 2 encryption categories in use today are symmetric and asymmetric encryption. Symmetric encryption applies to data that is stored, usually on a server, or a PC hard drive and it isn’t being transferred. The algorithms change the data that is stored on the hard drive into ciphertext that if that hard drive was scanned then the information would look like garbage. Asymmetric encryption is applied to data that is being transferred, such as when you connect to HTTPS websites, or use a VPN etc and the data is moving between 2 points. Asymmetric encryption works a private and public key relationship to encrypt the information being transferred so only devices that hold specific information can decrypt the data. This prevents man-in-the-middle attacks from seeing the data that is being transferred between 2 devices.

Hashing is related to encryption but only goes ½ way. Instead of being a 2 way cryptographic function the hashing algorithm is meant to be 1 way. Creating a hash value that is unique and should not be related to plaintext password/phrase that was put into it. Hashing was created to not store plaintext passwords in a database and increase the security of the data that is stored there. A lot of attacks happen against databases and if the details are left in plaintext then they can be extracted quickly and released to the public. There are different hashing algorithms, some are less secure than others. MD5 is a very old hashing standard, and while it has been broken for over 20 years is still in use. This is because it creates a hash quickly and requires very little processing power, but it shouldn’t be used for any information other than referencing to quickly see if a file has been changed or not for example. Tools like John the Ripper use extensive word lists to reference against the hash and once a match has been found it records it and presents it to the screen.

Suggested Year Group

The suggested age group is 14+, this project introduces concepts that can link into other subjects like mathematics and is a good age to introduce the importance of strong passwords and security to.

 

Learning Outcomes

  • Instruct the students about encryption – introduce the Caesar cipher

  • Introduce how hashing is different to encryption

  • Show the students how to create a list of MD5 hashes for cracking

 

Hardware Required

Component Number (Peli Case)

(Base) 4 & 5 

(Level 1) 3 

(Base) 5 

(Base) 9 

(Level 1) 3 

(Level 1) 3 

(Level 1) 5 

(Level 1) 1 

Component Number (Box Case)

Slot 1

Slot 11

Slot 11

Slot 2

Slot 11

Slot 11

Slot 12

Slot 13

Component

Raspberry Pi + Case 

USB Cable 

Kali SD Card 

TFT Screen 

HDMI Cable 

Keyboard 

Mouse 

Power Supply Unit 

 

VIDEO GUIDE

 

Conclusion

This project is intended to introduce how encryption and hashing is applied. There are many methods of encrypting information and this process can be dated back over 2000 years, there has always been a reason to keep information secret. While encryption and hashing is a very good practice it also needs to apply strong encryption and hashing algorithms or the information that you are trying to protect will easily be cracked. The issue with stronger encryption and hashing algorithms is the processing power and slower speed that they create their results in. There is a balance that must be found when looking at encryption. High encryption can make a computer work very slowly because it is too busy working on the encryption process and less time on what you are trying to do.