Cracking Hashes with Python and Hashlib

Introduction to Hash Cracking

• A hash is a fixed-length string of characters generated from input data of arbitrary size.
• It is produced by a mathematical algorithm known as a hash function.
• Hash is a a one-way process. For a given hash value, it's computationally not easy to retrieve the original input data.
• Even a small change in the input data results in a vastly different hash value, a property known as the Avalanche Effect.

Hash Function

The process of generating a hash involves applying a hash function to the input data. This function employs intricate mathematical operations, transforming the data into a string of fixed length, regardless of the input size. The result is a unique hash value that acts as a digital fingerprint for the given data.

The SHA-256 is a widely used cryptographic hash function that operates on data in fixed-size blocks, producing a 256-bit (32-byte) hash value. This means that, regardless of the input size, the output of SHA-256 is always a fixed length. The algorithm employs complex mathematical operations to transform input data into a unique hash value. One of the key strengths of SHA-256 is its resistance to cryptographic attacks.

Properties of a Hash

• Deterministic:
  For a given input, the hash function will always produce the same hash value.
• Fast Computation:
  Hash functions are designed for efficiency, ensuring quick calculation of the hash value.
• Pre-image Resistance:
  Given a hash, finding the original input is computationally infeasible.
• Collision Resistance:
  It is highly improbable for two different inputs to produce the same hash value.

Use Cases of Hashes

Hashes find applications in various domains:

• Hashes are used to verify the integrity of data during transmission. By comparing the received hash value with the computed one, one can detect any alterations in the data.
• Instead of storing actual passwords, systems store their hashes. During authentication, the entered password is hashed and compared with the stored hash.
• Hashes play a crucial role in generating digital signatures. They ensure that a message hasn't been altered since the signature was created.

Example of a Hash

Let's consider the SHA256 hash function. If we apply this function to the string Hello, World!, we would obtain the hash value:

Even a slight change in the input, such as replacing the exclamation mark with a question mark(Hello, World?, results in an entirely different hash:

This illustrates the Avalanche Effect and the deterministic nature of hash functions.

Hash Cracking

Hash cracking involves the process of attempting to retrieve the original input (or "plaintext") from a given hash value. This can be invaluable in scenarios where access to a system or sensitive information is lost, but the hashed representation remains available. Python, with its extensive libraries, provides a powerful platform for hash cracking.

Setting up Hashlib Environment

Before we dive into hash cracking, it's essential to set up the environment. Ensure you have Python installed on your system, and follow the following steps:

2. Create a Virtual Environment:
   A virtual environment in Python is an isolated environment that allows you to install and manage packages separately from the system-wide Python installation, ensuring dependencies don't conflict across different projects.

   This command creates a new virtual environment named myenv.

3. Activate the Virtual Environment:
   Use the following command as per your OS to initialize the virtual environment.

   • On Windows:

   • On macOS and Linux:

The hashlib library is included as part of Python's standard library. This means that if you have Python installed, you already have access to the hashlib module.

The hashlib library offers a wide range of algorithms, including the popular SHA-256, SHA-512, MD5, and more. This library allows developers to implement hash functions without the need for a complete understanding of the underlying mathematical complexities.

The different algorithms provided for Python cracking hashes by Hashlib are:

1. SHA-256 (Secure Hash Algorithm 256-bit):
   A widely used cryptographic hash function that produces a 256-bit hash value.

2. SHA-512 (Secure Hash Algorithm 512-bit):
   Similar to SHA-256 but produces a longer, 512-bit hash value, providing increased security.

3. MD5 (Message Digest Algorithm 5):
   Although widely used in the past, it is now considered cryptographically broken and unsuitable for further use.

4. blake2b and blake2s:
   Highly secure hash functions based on the Blake2 cryptographic hash function.

How to Calculate the Hash using Hashlib?

The hashlib module provides a clean and efficient interface to apply various hash algorithms. To start, import the hashlib module and create an instance of the desired hash function. Then, feed in the data you want to hash, and the library will return the corresponding hash value. The following code illustrates this:

Output:

The output for the provided code will be the hexadecimal representation of the hashes generated for the given data Hello, World! using different hashing algorithms:

Explanation:

• Thehashlib.sha256(), hashlib.md5(), hashlib.sha512(), hashlib.blake2b(), and hashlib.blake2s() are used to create hash objects for their respective algorithms.
• The hash_object.update(data) function updates the hash object with the provided data. In this case, data is the byte string 'Hello, World!'.
• hash_object.hexdigest() returns the hexadecimal representation of the hash.

Some other useful method of the library are:

The digest() function is used to obtain a human-readable representation of the hash value. It returns the hash as a string of hexadecimal characters.

The copy() method returns the hash value as a bytes object. This means it provides the raw binary representation of the calculated hash. The length of the returned bytes object is determined by the specific hash function being used

Python Cracking Hashes

To crack a SHA256 hashed password using Python and the hashlib library, you can use the following code:

Output:

Installing Necessary Libraries:

• urllib:
  For making HTTP requests. It's also part of the Python standard library.
• termcolor:
  Allows us to add color to the printed output. Install it using the following pip command:

Code Explanation:

• The user is prompted to input a SHA256 hash value.
• The code then attempts to fetch a list of common passwords from a URL using the urlopen() method. This list contains some of the most widely used passwords and will be used to check against the provided hash.
• It iterates through each password in the list, calculates the SHA256 hash, and checks if it matches the provided hash.
• If a match is found, it prints the password in green.
• If no match is found, it prints a message in red.
• If any exception occurs during the process, it prints an error message.