1_ Hash Functions Lab

Assignment 7-1: Hash Functions Lab

COUNTERMEASURES AGAINST CYBERATTACKS

ASYMMETRIC CRYPTOGRAPHY

HASH FUNCTIONS LAB

Lab Description: In this lab you will verify the integrity of a file you download, checking to make sure it has not been changed during download.

Lab Environment: This lab only needs a device with a browser to download and upload files. You will be asked to submit screenshots of your work and respond to questions at the end.

Lab Files Needed: This lab will require you to download a file from https://www.openoffice.org/download/index.html.

Complete the following steps.

STEP 1: GO TO THE SITE HTTPS://WWW.OPENOFFICE.ORG/DOWNLOAD/INDEX.HTML.

STEP 2: DOWNLOAD THE FILE

Click on Download language pack. It’s a smaller file and will download more quickly. You should download a file with a name similar to: Apache_OpenOffice_X.X.X_Win_x86_langpack_en-US.exe

Figure 1: Download the language pack only.

STEP 3: CALCULATING THE HASH OF A FILE

Use an online hash calculator to calculate the SHA256 and SHA512 hashes for the downloaded file. You can use https://md5file.com/calculator.

If using the website, drag and drop the downloaded file or choose to upload it through the “Choose Files” button.

Copy the SHA256 and SHA512 values into a text file such as Word or Notepad.

SHA256

e096200e60936a6563489bae90786d4adf71a9e95604d98bb7933ea7647e3e38

SHA512

3c87fe91723648b3b6eee22a8cb92062fbe0d2cad0165cd724c8b8c4628224d8942c5f817a0879e11f323e9c0280e380b63fb2257658919f30b832b3ade1154f

STEP 4: SCREENSHOTS OF CALCULATED HASH VALUES

Submission 4-1: Take a screenshot of the calculated SHA256 and SHA512 values and paste it into a document.

STEP 5: GO BACK TO THE SITE HTTPS://WWW.OPENOFFICE.ORG/DOWNLOAD/INDEX.HTML.

STEP 6: RETRIEVING THE SHA256 FILE HASH

Note that there are links for the SHA256 and SHA512 hashes of the files on the site. Click on SHA256 for Language Pack. Save it on your computer and open it with Notepad.

Submission 6-1: Take a screenshot of the hash file showing the SHA256 hash value and paste it into a document.

SHA256

e096200e60936a6563489bae90786d4adf71a9e95604d98bb7933ea7647e3e38

STEP 7: RETRIEVING THE SHA512 FILE HASH

Do the same for the SHA512: Locate, download and open the SHA512 file hash for the downloaded file from the Apache Open Office Language Pack.

Submission 7-1: Take a screenshot of the hash file showing the SHA512 hash value downloaded from the OpenOffice website and paste it into a document.

SHA512

3c87fe91723648b3b6eee22a8cb92062fbe0d2cad0165cd724c8b8c4628224d8942c5f817a0879e11f323e9c0280e380b63fb2257658919f30b832b3ade1154f

STEP 8: VERIFICATION

Compare these hash values with the ones you calculated when you downloaded the file.

Download Hash

SHA256

e096200e60936a6563489bae90786d4adf71a9e95604d98bb7933ea7647e3e38

SHA512

3c87fe91723648b3b6eee22a8cb92062fbe0d2cad0165cd724c8b8c4628224d8942c5f817a0879e11f323e9c0280e380b63fb2257658919f30b832b3ade1154f

Website Hash

SHA256

e096200e60936a6563489bae90786d4adf71a9e95604d98bb7933ea7647e3e38

SHA512

3c87fe91723648b3b6eee22a8cb92062fbe0d2cad0165cd724c8b8c4628224d8942c5f817a0879e11f323e9c0280e380b63fb2257658919f30b832b3ade1154f

WHAT TO SUBMIT

Submit the three screenshots and the values of the hash values requested earlier.

SUBMISSION 4-1: Screenshot of the calculated SHA256 and SHA512 values.

SUBMISSION 4-2: Copy the MD5 and SHA256 values into Notepad or a text file.

SUBMISSION 6-1: Screenshot of the hash file showing the SHA256 hash value.

SUBMISSION 7-1: Screenshot of the hash file showing the SHA512 hash value downloaded from the OpenOffice website.

Answer these questions

QUESTION 8-1: Are the file hash values you computed in Step 3 the same as the ones published on the Adobe OpenOffice website (Steps 6 and 7)?

Yes the hash values from the download file and the ones Adobe OpenOffice provides are the same.

QUESTION 8-2: What can you conclude if the provided SHA256 hash value is the same as the one you calculated?

The file I downloaded most likely does not contain any malicious code that can compromise my system.

QUESTION 8-3: What can you conclude if the provided SHA256 hash value is different from the one you calculated?

The file I downloaded is not the file advertised on the website. This file could have malicious code that can compromise the system.

QUESTION 8-4: If the provided hash value is the same as the one you calculated, does that mean that this is absolutely the right file that delivers what it promises, or could it be malicious? Explain.

It does not guarantee the file downloaded does exactly as it is advertised. You have to trust the developer and distributer of the software that it will only do what it is supposed to.

QUESTION 8-5: How could a second hash value (such as SHA512, in this case) help to verify the integrity of the download? Explain.

SHA512 uses 64 byte when making hash values. This means it's harder recreate artificially in attempts to trick a user that the download hash is the same as the advertised hash.