Task 1: Generating one-way hashes

As studied in class, passwords are stored in hashed form, using particular cryptographic one-way hash functions. These functions are easy to compute but infeasible to invert: given a hash z there’s no efficient algorithm to find a message m such that h(m) is z. Popular one-way hash functions are: sha1, sha2, md5.

Note: sha1 and md5 have recently been shown to be vulnerable to collision attacks. Collision resistance is a different property from being one-way, so such attacks are not a problem as far as password security is concerned.

It is easy to hash passwords “by hand” from the Linux shell:

$ echo -n 'pwd' | md5sum | tr -d ' -'
9003d1df22eb4d3820015070385194c8

Explanation:

  • echo -n 'pwd' prints pwd omitting the trailing newline;
  • | md5sum takes the output of the previous command and computes the md5 hash of it;
  • | tr -d ' -' removes the trailing ' -' produced by md5sum, leaving just the hash.

Exercise 1

  1. Try it yourself with other passwords
  2. Try running the individual commands one at a time to see what each does
  3. Compute the md5 hash of the md5 hash of let_me_go_to_the_next_level. In other words, compute md5(md5(let_me_go_to_the_next_level)). This will give you the password for task 2!