Digital Forensics Report: SSH, LANMAN Hash, and SHA-512 Algorithm

Verified

Added on 2023/01/18

AI Summary

This digital forensics report provides an overview of essential concepts including SSH public keys, LANMAN hash, and the SHA-512 algorithm. It begins with an explanation of SSH public key authentication, detailing the setup process and highlighting the importance of securing data shared via public keys. The report then explores LANMAN hash, a password-based encryption mechanism, explaining its workings, including the conversion of passwords and the use of DES. The discussion extends to SSH private keys, emphasizing their role in secure remote server access and authentication, including the advantages and disadvantages of their use. Finally, the report delves into SHA-512, a cryptographic algorithm, detailing its function, the algorithm's steps, and its evolution from SHA-1. The report includes references to provide context and support the information presented.

Running head: DIGITAL FORENSIC
DIGITAL FORENSIC
Name of the student
Name of the university
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1DIGITAL FORENSIC
SSH public key
SSH helps in supporting authentication methods. There are major steps that help in
setting up public key authentication for SSH. This includes creation of key pair that is done with
SSH-keygen. In public key SSH the user shares public key to receivers. The receiver uses these
public key for decrypting the data. These data are further being used for personal use. However
these data are not secured and can be accessed by anyone having the public key. Thus it becomes
very difficult to ensure security towards the data stored. This is being done with the help of ssh-
copy-id utility. After this server is used for storing the public key and server will allow users
with private key to access the data. SSH is basically a cryptographic network protocol that helps
in performing proper network services over unsecured network (Cao et al. 2019). The different
types of keygen commands are -b bits, -C comment, -p, -t, -o, -q, -N, -F. The steps associated
with creation of SSH public key includes:
Step 1: creation of RSA key pair
This step includes creating key pair on client machine:
$ ssh-keygen –t rsa
Step2: storing the keys and passphrase
After the gen key command is entered there are some questions related to file:
Enter file in which to save the key (/home/demo/.ssh/id_rsa)
Step 3: this step includes copying public key
$ ssh-copy-id < >

2DIGITAL FORENSIC
The syntax of SSH public key is as follows:
ssh-keygen [options]
LANMAN hash
LANMAN Hash is also known as LM hash or LAN Manager Hash. This mainly
comprises passwords along with hashing function. These stores the user passwords set by users.
This is basically used for encryption mechanism that was implemented by Microsoft. Once the
end users enters there passwords, the hash function converts the characters into different
uppercase. If the password is less than 14 characters then the password gets null padded to 14
bytes. After this the hash function is used for splitting the 14 characters into halves. This is
further used for Data Encryption Standard (DES) as two separate keys (Fiterau-Brostean et al.
2017). This ensures developing effective creation of two 7-byte hashes. The regular expression
used by LANMAN Hash is as follows:
LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%")
The algorithm that is being used for LANMAN hash are described below:
First step: Converting all the lower case to upper case
Second step: the data are further being converted to 14 characters with NULL characters by Pad
password
Third step: after this the password is being divided into two 7 character chunks
Fourth step: Creating two DES keys from different 7 character chunks

3DIGITAL FORENSIC
Fifth step: after all this DES are used for encrypting the string "KGS!@#$%" with the use of two
chunks
Sixth step: the last step includes concatenating the two DES encrypted strings.
SSH private keys
SSH key provides an access credential towards the SSH protocol. The keys are automated
for processing and implementing single sign on by system. The SSH key also acts as an
authentication credential. SSH basically stands for secure shell cryptography network. These are
best used for accessing remote servers. Asymmetric ciphers are used in SSH. The data stored
within the server can be accessed by two people and are encrypted by using private keys. SSH
private key ensures proper sharing of data in an encrypted manner that data are being decrypted
with the use of private key. Further the data is being encrypted with the use of public key than
the private key is shared with receiver (Dobraunig, Eichlseder and Mendel 2015). The main
advantage is that it offers a better security than other encryption. The main purpose of using SSH
private key is that it offers better authentication towards the remote computers and allows
authenticate users to work effectively (Bhargavan and Leurent 2016). The several ways of using
SSH is that it offers better simplicity at time of encryption and offers a better authentication
towards the login. Apart from this it also ensures better identity checking with the use of private
keys. There are several disadvantages faced with this SSH 512. This includes using the private
key when it is not protected. It becomes difficult to protect password from unauthenticated users.
In addition to this it is not that scalable and has the ability to effect server and hosts key. This
helps the users to decode the details from encrypted file (Li, Li and Du 2016). The expression of
SSH private key is explained below:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4DIGITAL FORENSIC
$ ssh-keygen -C "$(whoami)@$(hostname)-$(date -I)"
SHA-512 Hash
SHA-512 is a functioning part of cryptographic algorithm SHA-2. This is an evolution of
famous SHA-1. SHA-512 is similar to Sha-256 and this is used except for 1024 bits "blocks".
This only accepts 2^128 bits as inputs and there is a maximum length string offered by these
function. The main definition of hash function is that it does not allows to reverse and if it allows
to reverse than it’s not a hash function. In addition to this there are several different options for
creating a formatted list that contains “last block(s)” (also known as “padding”) (Harchol,
Abraham and Pinkas 2018). There are different update functions available for SHA, that is
_update() functions (Cheng, Dinu and Großschädl 2018). This gets easier to handle the situation
and has the ability to operate on different block sizes: SHA-256 uses 24 bytes whereas 128 bytes
are used by SHA-512.
The algorithm for SHA 512: SHA-512("The quick brown fox jumps over the lazy dog")
= 07E547D9 586F6A73 F73FBAC0 435ED769 51218FB7 D0C8D788 A309D785
436BBB64
The algorithm used for SHA 512 is described below:
 The message is divided into 1024- bit chunks that are further used.
 Secondly the initial hash values get extended along with round constants to 64 bits.
 This includes total 80 rounds
 The scheduled message is being described within the array size of 80 – 64-bit words
instead of 64 – 32-bit words (Jadeja and Parmar 2016).

5DIGITAL FORENSIC
 In order to extend the message the array gets scheduled to w, and the loop gets started
from 16 to 79 instead of 16 to 63.

6DIGITAL FORENSIC
References
Bhargavan, K. and Leurent, G., 2016, February. Transcript collision attacks: Breaking
authentication in TLS, IKE, and SSH. In Network and Distributed System Security Symposium--
NDSS 2016.
Cao, P.M., Wu, Y., Banerjee, S.S., Azoff, J., Withers, A., Kalbarczyk, Z.T. and Iyer, R.K., 2019.
{CAUDIT}: Continuous Auditing of {SSH} Servers To Mitigate Brute-Force Attacks. In 16th
{USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19) (pp. 667-
682).
Cheng, H., Dinu, D. and Großschädl, J., 2018, November. Efficient implementation of the SHA-
512 hash function for 8-bit AVR microcontrollers. In International Conference on Security for
Information Technology and Communications (pp. 273-287). Springer, Cham.
Dobraunig, C., Eichlseder, M. and Mendel, F., 2015, November. Analysis of SHA-512/224 and
SHA-512/256. In International Conference on the Theory and Application of Cryptology and
Information Security (pp. 612-630). Springer, Berlin, Heidelberg.
Fiterau-Brostean, P., Lenaerts, T., Poll, E., de Ruiter, J., Vaandrager, F.W. and Verleg, P., 2017,
July. Model learning and model checking of SSH implementations. In SPIN (pp. 142-151).
Harchol, Y., Abraham, I. and Pinkas, B., 2018, July. Distributed ssh key management with
proactive rsa threshold signatures. In International Conference on Applied Cryptography and
Network Security (pp. 22-43). Springer, Cham.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7DIGITAL FORENSIC
Jadeja, N. and Parmar, V., 2016. Implementation and mitigation of various tools for pass the
hash attack. Procedia Computer Science, 79, pp.755-764.
Li, D., Li, J. and Du, Z., 2016, December. Deterministic and efficient hash table lookup using
discriminated vectors. In 2016 IEEE Global Communications Conference (GLOBECOM) (pp. 1-
6). IEEE.