Hashing algorithms must have three characteristics:
|Secure Hash Algorithm (SHA)||A one- way hash that provides a hash value that can be used with an encryption protocol. Produces a 160- bit hash. SHA-2 has 224, 256, 334 adn 512 bits. SHA-3 has been released, but there are no known issues with SHA-2. So SHA-2 is still standard.|
|Message Digest Algorithm (MD)||Also a one- way hash. The most common are MD5, MD4, and MD2. MD5 produces a 128- bit hash. The algorithm is more complex than the predecessors and offers greater security. It doesn’t have strong collision resistance, that’s why SHA are the recommended alternatives.|
|GOST||A symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. Produces a 256-bit hash.|
|LANMAN||LANMAN was used prior to the release of Windows NT for authentication. It used LM Hash and two DES keys.|
|NTLM||Microsofts replacement for LANMAN. It uses MD4/5 hashing algorithms. However Microsoft pointed to Kerberos as being its preferred authentication protocol.|
A hash is not impossible to hack, even if hashing algorithms are not reversible. A “fast” way is to use Rainbowtables. A much longer approach would be brute- forcing.
With a rainbow table, all of the possible hashes are computed in advance. This means you create tables with all possible two, three, four, …, n character combinations and the corresponding hash of the combinations using known hashing algorithms. Like the ones listed above.
Tools like OphCrack use rainbow tables.
A counter to rainbow tables is called salt. You pratically just add bits before or after the hash. This nullifies most rainbow table attacks and makes the hackers salty.