SCHOOL OF COMPUTER SCIENCE AND ENGINEERING Fall

Semester 2020-21
Name: Jaanaavi Wasade
Registration Number:18BCE0743
Course Code: CSE3501
Course Name: Information Security Analysis and audit
Slot: L21 +L22
Faculty: Vimala Devi K

Lab Assessment -3
Securing form authentication credentials

Secure Hash Algorithms

Secure Hash Algorithms, also known as SHA, are a family of cryptographic functions
designed to keep data secured. It works by transforming the data using a hash function: an
algorithm that consists of bitwise operations, modular additions, and compression functions.
The hash function then produces a fixed-size string that looks nothing like the original. These
algorithms are designed to be one-way functions, meaning that once they’re transformed into
their respective hash values, it’s virtually impossible to transform them back into the original
data. Secure Hash Algorithm 1 is a cryptographic hash function which takes an input and
produces a 160-bit (20-byte) hash value. This hash value is known as a message digest. This
message digest is usually then rendered as a hexadecimal number which is 40 digits long. It is
a U.S. Federal Information Processing Standard and was designed by the United States
National Security Agency. SHA-1 is now considered insecure since 2005. Major tech giants’
browsers like Microsoft, Google, Apple and Mozilla have stopped accepting SHA-1 SSL
certificates by 2017.
Cryptographic hash functions are utilized in order to keep data secured by providing three
fundamental safety characteristics: pre-image resistance, second pre-image resistance, and
collision resistance.
A cryptographic hash or ‘digest’ is a kind of ‘signature’ for a text or a data file. SHA-256
generates an almost-unique 256-bit i.e. 32-byte signature for a text. A hash is not
‘encryption’, it cannot be decrypted back to the original text (it is a ‘one-way’ cryptographic
function, and is a fixed size for any size of source text). This makes it suitable when it is
appropriate to compare ‘hashed’ versions of texts, as opposed to decrypting the text to obtain
the original version.
Attacks:
Cryptography wouldn’t be as quickly developed if it weren’t for the attacks that compromise
their effectiveness. One of the most common attacks is known as the primeage attack, where
pre-computed tables of solutions are used in a brute-force manner in order to crack
passwords. The solution against these kinds of attacks is to compose a hash function that
would take an attacker an exorbitant amount of resources, such as millions of dollars or
decades of work, to find a message corresponding to a given hash value.
Other attacks exist that attempt to exploit mathematical properties in order to crack hash
functions. Amongst these is the birthday attack, where higher likelihood of collisions are
found when using random attacks with a fixed number of letter combinations, or the rainbow
table attack, where a pre-computed hash table is used to reverse a hash function in order to
crack passwords.

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
class GFG {
public static String encryptThisString(String input)
{
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] messageDigest = md.digest(input.getBytes());
BigInteger no = new BigInteger(1, messageDigest);
String hashtext = no.toString(16);
while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}
return hashtext;
}
catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
public static void main(String args[]) throws
NoSuchAlgorithmException
{
System.out.println("HashCode Generated by SHA-1 for: ");
String s1 = "Jaanaavi Wasade";
System.out.println("\n" + s1 + " : " + encryptThisString(s1));
String s2 = "hello world";
System.out.println("\n" + s2 + " : " + encryptThisString(s2));
}
}
In Cryptography, SHA is cryptographic hash function which takes input as 20 Bytes and
rendered the hash value in hexadecimal number, 40 digits long approx.
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

class GFG {
public static byte[] getSHA(String input) throws NoSuchAlgorithmException
{
MessageDigest md = MessageDigest.getInstance("SHA-256");
return md.digest(input.getBytes(StandardCharsets.UTF_8));
}
public static String toHexString(byte[] hash)
{
BigInteger number = new BigInteger(1, hash);
StringBuilder hexString = new StringBuilder(number.toString(16));
while (hexString.length() < 32)
{
hexString.insert(0, '0');
}
return hexString.toString();
}
public static void main(String args[])
{
try
{
System.out.println("HashCode Generated by SHA-256 for:");
 String s1 = "Jaanaavi Wasade";
System.out.println("\n" + s1 + " : " + toHexString(getSHA(s1)));
String s2 = "Information Security Analysis and Audit";
System.out.println("\n" + s2 + " : " + toHexString(getSHA(s2)));
}
catch (NoSuchAlgorithmException e) {
System.out.println("Exception thrown for incorrect algorithm: " + e);
}
}
}