Hashing is an important concept that you should understand if you plan on taking any type of security exam, including the CompTIA Security+ and CASP exams, and (ISC)2’s SSCP and CISSP exams.
Hashing Security+ Questions
Here are a couple of hashing questions to check your comprehension. As with any practice test questions, not only should you know why the correct answers are correct, but also why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you’ll be able to answer them correctly.
Hashing Question 1
Q1. Of the following choices, what can you use to verify data integrity?
A. AES
B. DES
C. RC4
D. SHA
Hashing Question 2
Q2. Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
Answers (with explanations) are at the end of this post.
Get over 400 Security+ (SY0-401) questions here.
Hashing Files for Integrity
You can verify integrity with hashing. Hashing is an algorithm performed on data such as a file or message to produce a number called a hash (sometimes called a checksum). The hash is used to verify that data is not modified, tampered with, or corrupted. In other words, you can verify the data has maintained integrity.
For example, imagine a software company is releasing a patch for an application that customers can download. An administrator calculates the hash of the patch file and then posts both a link to the patch file and the hash on the company site. The website might list it as:
- Patch file. applicationPatch.exe
- MD5 checksum. 367f0ed4ecd70aefc290d1f7dcb578ab
The Message Digest 5 (MD5) checksum is the calculated hash displayed in hexadecimal.
Why Bother with Hashing Files?
The administrator who posted the patch file knows the file is clean and does not include any malware. It only includes the patch.
However, is it possible for this patch file to become infected with malware? Absolutely.
Would you want to know if the file you downloaded was different from the file that the administrator posted to the website? Most people say yes.
After downloading the file, you can calculate the hash and compare it to the posted hash.
- If the hashes are the same, you know the file hasn’t lost integrity.
- If the hashes are different, you know the file has lost integrity. Indeed, it might be infected with malware.
Comparing Hashes
There are several applications you can use to manually calculate hashes. As an example, md5sum.exe is a free program anyone can use to create hashes of files. A Google search on “md5sum download” will show several locations. The md5sum application runs the MD5 hashing algorithm against a file to create a hash.
Imagine that you downloaded the patch file from the company’s site. After downloading it, you can use md5sum to calculate the hash on the downloaded file as shown in the following figure.
The first command in the figure is dir (to show the contents of the directory).
Step 1 runs md5sum against the file with this command: md5sum applicationPatch.exe
- The result is a hash of 367f0ed4ecd70aefc290d1f7dcb578ab
- Compare this to the posted md5 checksum of 367f0ed4ecd70aefc290d1f7dcb578ab
- These are the same so you know the file has not lost integrity (or said another way, it hasn’t changed)
A key point about a hash is that no matter how many times you execute the hashing algorithm against the data, the hash will always be the same as long as the data is the same.
- Step 2 repeats the command and the hash is the same.
- Step 3 repeats the command and the hash is the same.
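The same verify-by-comparison procedure in Python, as an added example that is not part of the original post: it hashes a file in chunks, compares the result with a posted checksum, shows that repeating the hash on unchanged data gives the same value (steps 2 and 3), shows that a single changed byte gives a different value, and also covers Lisa's weekly baseline comparison from Q2. The patch contents, file names and the `demo`/`compare_baseline` helpers are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed stand-in for applicationPatch.exe; not the real file from the post.
SAMPLE_PATCH = b"pretend this is the binary content of applicationPatch.exe\n"


def hash_file(path: str, algorithm: str = "md5") -> str:
    """Hex digest of a file, read in 64 KiB chunks so large files do not need to fit in memory.
    MD5 matches the post's md5sum example; pass "sha256" for a current-generation algorithm."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, posted_hash: str, algorithm: str = "md5") -> bool:
    """Step 1 from the post: hash the downloaded file and compare it with the posted checksum."""
    actual = hash_file(path, algorithm)
    # compare_digest does a constant-time comparison, so the check does not leak where the strings differ
    return hmac.compare_digest(actual.lower(), posted_hash.strip().lower())


def compare_baseline(last_week: dict, this_week: dict) -> list:
    """Lisa's weekly check (Q2): names of config files whose hash differs from last week's, or are new."""
    return sorted(name for name, digest in this_week.items() if last_week.get(name) != digest)


def demo() -> dict:
    """Run the whole procedure on a constructed file and report each comparison result."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "applicationPatch.exe")
        with open(path, "wb") as f:
            f.write(SAMPLE_PATCH)
        posted = hashlib.md5(SAMPLE_PATCH).hexdigest()  # what the administrator would publish
        step1 = verify_download(path, posted)
        step2 = verify_download(path, posted)  # same data, so the hash is the same again
        step3 = hash_file(path) == hash_file(path)
        with open(path, "ab") as f:
            f.write(b"\x00")  # one extra byte: the file has lost integrity
        after_change = verify_download(path, posted)
        return {"step1": step1, "step2": step2, "step3": step3,
                "after_change": after_change, "posted": posted}
```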
Remember this
Hashing verifies integrity for data such as email, downloaded files, and files stored on a disk. A hash is a number created with a hashing algorithm, and is sometimes listed as a checksum. Hashing algorithms, such as MD5, HMAC, or SHA-1, calculate hashes to verify integrity. By comparing hashes created at different times, you can verify integrity has been maintained.
Hashing Key Points
- Hashes are created at least twice so that they can be compared.
- Hashes will always be the same when executed against the same data.
- If the hashes are different, it indicates the data has changed (or lost integrity).
Now available
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
Hashing Security+ Questions with Answers
Here are the answers to the two Security+ hashing questions listed at the beginning of this post.
Q1. Of the following choices, what can you use to verify data integrity?
A. AES
B. DES
C. RC4
D. SHA
A1. D is correct. Secure Hash Algorithm (SHA) is one of many available hashing algorithms used to verify data integrity.
None of the other options are hashing algorithms. Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Rivest Cipher 4 (RC4) are symmetric encryption algorithms.
This question is a good example of how you can answer questions correctly just by knowing the relevant hashing algorithms (such as MD5, SHA, and HMAC) and the relevant encryption algorithms.
Q2. Lisa manages network devices in your organization and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, she creates hashes for these files and compares them with hashes she created on the same files the previous week. Which security goal is she pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
A2. B is correct. She is pursuing integrity by verifying the configuration files have not changed. By verifying that the hashes are the same, she also verifies that the configuration files are the same.
Confidentiality is enforced with encryption, access controls, and steganography. Availability ensures systems are up and operational when needed. Safety goals help ensure the safety of personnel and/or other assets.