https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35745#M2688 Hashdeep/md5deep if I am doing manual hashes.<BR /><BR />I run MD5 AND SHA-256.<BR /><BR />Possible collisions on one or the other. Collisions from two different algorithms? There isn’t a number big enough to define the odds.<BR /><BR />-Eric Mon, 18 May 2020 13:07:04 GMT Baechle 2020-05-18T13:07:04Z https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35124#M2618 <P>What software tools do you use for performing file hashes?&nbsp; And when you hash, are you especially careful to use SHA256, or do you use MD5?</P> Mon, 27 Apr 2020 12:59:46 GMT https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35124#M2618 ericgeater 2020-04-27T12:59:46Z https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35141#M2622 <P>No comment on commercial tools <img id="smileywink" class="emoticon emoticon-smileywink" src="https://community.isc2.org/i/smilies/16x16_smiley-wink.png" alt="Smiley Wink" title="Smiley Wink" /> since our shop builds and integrates software. We rely heavily upon hash function guidance provided by <A href="https://csrc.nist.gov/Projects/Hash-Functions" target="_blank" rel="noopener">NIST</A>. Specifically, we reference FIPS 202, which specifies the new SHA-3 family of permutation-based functions based on<SPAN>&nbsp;</SPAN><A href="http://keccak.noekeon.org/" target="_blank" rel="noopener">KECCAK</A><SPAN>&nbsp;</SPAN>as a result of the<SPAN>&nbsp;</SPAN><A href="https://csrc.nist.gov/projects/hash-functions/sha-3-project" target="_blank" rel="noopener">“SHA-3” Cryptographic Hash Algorithm Competition</A>.</P><P>&nbsp;</P><P>FIPS 202 specifies:</P><P>&nbsp;</P><UL><LI><EM>Four fixed-length hash algorithms:&nbsp;<STRONG>SHA3-224, SHA3-256, SHA3-384,</STRONG>&nbsp;and&nbsp;<STRONG>SHA3-512</STRONG>; and</EM></LI><LI><EM>Two closely related, “extendable-output” functions (XOFs):&nbsp;<STRONG>SHAKE128</STRONG>&nbsp;and&nbsp;<STRONG>SHAKE256</STRONG>.</EM></LI></UL><P>Currently, only the four fixed-length SHA-3 algorithms are<SPAN>&nbsp;</SPAN><EM>approved</EM><SPAN>&nbsp;</SPAN>hash algorithms, providing alternatives to the SHA-2 family of hash functions.<SPAN>&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>A lot of these algorithms have found their way into the <A href="https://www.bouncycastle.org/java.html" target="_blank" rel="noopener"><STRONG>Legion of the Bouncy Castle</STRONG></A>&nbsp;Java cryptography APIs and&nbsp;FIPS mode "jars" so that makes including the functions easy.</SPAN></P> Tue, 28 Apr 2020 03:19:06 GMT https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35141#M2622 AppDefects 2020-04-28T03:19:06Z https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35466#M2654 <P>Thanks, by the way!</P> Fri, 08 May 2020 12:07:11 GMT https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35466#M2654 ericgeater 2020-05-08T12:07:11Z https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35745#M2688 Hashdeep/md5deep if I am doing manual hashes.<BR /><BR />I run MD5 AND SHA-256.<BR /><BR />Possible collisions on one or the other. Collisions from two different algorithms? There isn’t a number big enough to define the odds.<BR /><BR />-Eric Mon, 18 May 2020 13:07:04 GMT https://community.isc2.org/t5/Tech-Talk/Preferred-hashing-tools/m-p/35745#M2688 Baechle 2020-05-18T13:07:04Z