Time is Money

Got your answer?

Did you make hash?

If you said "soccer ball," you are right. Those 11 characters are the hash of that input string. I told you this was easy. BUT if I had said to you "soccer ball" at the beginning of this article or in a conversation, what is the chance you would have responded with the exact text -

"I am larger than a softball, smaller than a basketball. I am covered with black and white pentagon shapes, and if you kick me into the net, you will score one point. What Am I?"

But wait. There are many Hash Algorithms and what you just gave me was the American-11 algorithm. What would you have said if you lived in London?

Sure, I hope you understand in that part of the world, they would have said FOOTBALL.

Because that, you see, is the British-8 algorithm. Not to be confused with the Spanish-6 algorithm, which would have said FúTBOL. Different Algorithms might produce different lengths. Yet, they are all only 'indicators' of the same exact input. But they do not un-anything any of them. The hash does not contain the input string. So it can't be Cracked.

A Hard Nut to Crack?

In the paragraph titled We Both Win, I said, "the hash code for a short password is of little value because it can be determined quite easily."

While a short input text of a hash code may be determined quite easily, note that I did not say it could be Un-Encrypted or Cracked. For this demonstration, I will be using the Art-4 algorithm. Thus, any input string will generate a 4-character hash (cuz my brain is very small).

You will be playing the part of the internet's bad guys. First, I will show you five input strings (a dictionary of passwords) that have been hashed with the Art4() algorithm. This will represent the bad guys' precomputed Hash Table Dictionary (see part 1 for a description of this).

Input String    ART4() hash
AAAAAAAA      = aee9
longword      = 9546
Password      = dc647
Password99    = e6ab
Willam1       = b4b9

{Note all of these passwords have been Pawned (3). Someone has actually used them!}

Imagine a bank had a Data Breach (someone inside opened an email and clicked on a "Link." You know the rest of the story!) The bank had saved customers' passwords using my algorithm. Their records are in the database, which was stolen from the bank.

I want YOU to see if you can 'Crack' any of the bank's data and tell me whose password you 'cracked.'

Here is a bit of the data breach file:

Username    Password hash    Balance
Joe         3255             $10,100
Mary        7bb4             $101,000
Beavis      9546             $52.14
Bill        5835             $250,000

(Continued on page 13)
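As an added illustration (not from the bulletin), the Python sketch below uses a stand-in 4-character hash, the first four hex digits of SHA-256, because the Art-4 algorithm itself is not given on this page; toy4, the usernames and the stored hashes are constructed. It shows the precomputed-table lookup against stored hashes, and that a match only identifies an input that produces the hash, since other inputs give the same four characters.

```python
import hashlib

def toy4(text):
    """Stand-in 4-hex-character hash (first 16 bits of SHA-256); NOT the article's Art-4."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:4]

def build_table(passwords):
    """Precompute hash -> dictionary words that produce it."""
    table = {}
    for pw in passwords:
        table.setdefault(toy4(pw), []).append(pw)
    return table

def audit(records, table):
    """Map each username whose stored hash is in the table to the matching words."""
    return {user: table[h] for user, h in records if h in table}

def second_input(text, limit=1_000_000):
    """Search for a different input with the same toy4 hash as `text`."""
    want = toy4(text)
    for i in range(limit):
        candidate = f"guess-{i}"
        if candidate != text and toy4(candidate) == want:
            return candidate
    return None

# The five input strings are the article's; the records below are constructed.
DICTIONARY = ["AAAAAAAA", "longword", "Password", "Password99", "Willam1"]
RECORDS = [
    ("user_a", toy4("Password99")),                        # reused dictionary password
    ("user_b", toy4("violet-kettle-orbit-4417-lantern")),  # not in the dictionary
]

if __name__ == "__main__":
    hits = audit(RECORDS, build_table(DICTIONARY))
    for user, words in hits.items():
        print(f"{user}: stored hash matches dictionary entry {words}")
    twin = second_input("Password99")
    print(f"{twin!r} also hashes to {toy4('Password99')}")
```

With only 65,536 possible 4-character hex values, the search for a second input finishes almost immediately, which is why a table hit names a candidate input rather than recovering the original.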
Cyber Awareness Bulletin 12 October 2021