A Brief Summary and Demonstration of Hash Function Collisions, July 2011


Topics
- Overview of attacks
- MD5, SHA-0 and SHA-1 attack
- Attack Demo

Hash Collision at present
- Hash collision situations
  - MD5 and SHA-0 already broken
  - SHA-1 insecure
- Real existing collisions algorithms and methods

The meaning of “Broken”
- Hash function is cryptographically strong if no methods better than brute force are known (and n is big enough)
- Hash function is cryptographically broken if a better method has been found
- MD5 has n = 128, brute force cost for:
  - Second preimage: $2^n = 2^{128} = 3 \times 10^{38}$
  - Collision: $2^{n/2} = 2^{64} = 2 \times 10^{19}$

Brute-force Attack Complexity

What is regarded as secure?
- $2^{64}$ hash computations is at the edge of feasibility with realistic investments in equipment and time
  - 128 bit hash not safe anymore against brute force collision attack
- $2^{80}$ hash computations is still infeasible unless with major investments in equipment and time
  - 160 bit hash still safe against brute force collision attack

Today’s Cryptanalysis
- (second) preimages:
  - not known for MD5 (?), SHA-1, SHA-2
- Collisions:
  - MD5: easy
  - SHA-1: doable with a lot of effort, no collision has been found yet
  - SHA-2: no attack known

MD5 Attack
- 2004
  - First collision for MD5 presented
  - Two 128 byte messages with same MD5 hash value
  - Identical prefix collision attack
  - 15 minutes up to an hour on an IBM P690 with about $2^{39}$
- 2005
  - Attack method released
- 2006
  - Chosen-prefix collision (CPC) attack
  - Choose two arbitrary files (same length)
  - Make them collide by appending 716 ‘random’ bytes

COLLISION IMPROVEMENTS
- Rogue CA construction (<2048 bits)
  - Cluster of 215 PlayStation3s
  - Performing like 8600 pc cores
  - Complexity $2^{50}$ using 30GB:
    - 1 day on cluster
  - Complexity using a few TBs:
    - 1 day on 20 PS3s and 1 pc
    - 1 day on 8 NVIDIA GeForce GTX280s
    - 1 day on Amazon EC2 at the cost of $2,000
- Normal CPC
  - Complexity approx (<1 day on quadcore pc)

MD5 Breakers
- Xiaoyun Wang (China)
  - collisions for MD5 in 2004
  - in a few hours on a big computer
- Marc Stevens (Amsterdam)
  - MSc thesis 2007, TU/e
  - improved method, fully automated
  - collisions can now be found in about 1 second on a standard laptop

Wang’s Collisions: Identical Prefix
- identical prefix P
- different collision blocks C, C’
- identical suffix S

Stevens’ Collisions: Chosen Prefix
- different prefixes P, P’
- different collision blocks NC, NC’
- identical suffix S

SHA-0 Attack
- 1998
  - Possible collisions attack with $2^{61}$ operations
- 2004
  - Full collisions found with $2^{51}$ operations
  - 80,000 CPU hours with Itanium2
- 2004
  - Collisions with $2^{40}$ operations for SHA-0, MD5 and other
- 2005
  - Collisions with $2^{39}$ operations

SHA-1 Attack
- 2005
  - Collisions found in $2^{80}$ operations of reduced version of SHA out of 80 rounds
- 2006
  - SHA-1-64 with $2^{35}$ operations
- 2010
  - SHA-1-73 with $2^{35}$ operations
  - Project HashClash: claim fully near collision attack with estimated complexity of

Progress of Collision Attacks
[Figure: Attack complexities for MD5, SHA-1 and SHA-2]

SHA-0 Vectors

    $ openssl sha s1 s2
    result : c9f160777d4086fe8095fba58b7e20c228a4006b

MD5 vectors

Each of these blocks has MD5 hash fb1a26e4bc422aef54eb4

MD5 Collision demo

    $ ls -al
    total 16
    drwxr-xr-x 4 admin staff 136 Jul 16 17:05 .
    drwxr-xr-x 9 admin staff 306 Jul 16 16:40 ..
    -rwxr--r-- 1 admin staff 128 Jul 14 11:34 v1
    -rwxr--r-- 1 admin staff 128 Jul 14 11:35 v2
    $ md5 v*; openssl dgst -sha1 v*
    MD5 (v1) = fb1a26e4bc422aef54eb4
    MD5 (v2) = fb1a26e4bc422aef54eb4
    SHA1(v1)= a34473cf767c6108a5751a20971f1fdfba97690a
    SHA1(v2)= 4283dd2d70af1ad3c2d5fdc917330bf

Concat File Equivalence

    $ ls >f1
    $ cat v1 f1 >w1
    $ cat v2 f1 >w2
    $ ls -al
    total 40
    drwxr-xr-x 7 admin staff 238 Jul 16 17:07 .
    drwxr-xr-x 9 admin staff 306 Jul 16 16:40 ..
    -rw-r--r-- 1 admin staff 9 Jul 16 17:06 f1
    -rwxr--r-- 1 admin staff 128 Jul 14 11:34 v1
    -rwxr--r-- 1 admin staff 128 Jul 14 11:35 v2
    -rw-r--r-- 1 admin staff 137 Jul 16 17:07 w1
    -rw-r--r-- 1 admin staff 137 Jul 16 17:07 w2
    $ md5 w*; openssl dgst -sha1 w*
    MD5 (w1) = e9dc7f d
    MD5 (w2) = e9dc7f d
    SHA1(w1)= d867ab d1cd9df9b4c89d9810f35fc24
    SHA1(w2)= 2e05a71ff6c16f57d6ca935a47360de6aefcfad5
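Why the concatenated files still collide, and why a collision costs about 2^(n/2) rather than 2^n, shown on a scaled-down hash. This is an added example, not part of the original slides: `toy_hash` is a hypothetical 32-bit Merkle-Damgard construction built on truncated SHA-256 (MD5 itself is not attacked here), and the prefix and suffix values are constructed.

```python
import hashlib
import itertools
import struct

STATE_BYTES = 4            # toy 32-bit chaining value (MD5 uses 128 bits)
BLOCK = 8                  # toy block size in bytes (MD5 uses 64)
IV = b"\x00" * STATE_BYTES

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256(state || block), truncated."""
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]

def absorb(state: bytes, data: bytes) -> bytes:
    """Run the compression function over block-aligned data."""
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard hash: 0x80, zero fill, then 64-bit message length."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK) + struct.pack(">Q", len(msg))
    return absorb(IV, padded)

def birthday_collision(prefix: bytes):
    """Return two different blocks that collide after a block-aligned prefix,
    plus the number of compression calls the search needed."""
    assert len(prefix) % BLOCK == 0
    state, seen = absorb(IV, prefix), {}
    for counter in itertools.count():
        block = struct.pack(">Q", counter)
        out = compress(state, block)
        if out in seen:                        # same chaining value seen before
            return seen[out], block, counter + 1
        seen[out] = block

def demo(suffix: bytes = b"identical suffix S"):
    prefix = b"PREFIX-P"                       # constructed, one full block
    c1, c2, trials = birthday_collision(prefix)
    m1, m2 = prefix + c1, prefix + c2          # P || C  and  P || C'
    return {
        "trials": trials,                      # near 2^16, far below 2^32
        "collide": toy_hash(m1) == toy_hash(m2),
        "collide_with_suffix": toy_hash(m1 + suffix) == toy_hash(m2 + suffix),
        "sha1_differs": hashlib.sha1(m1).digest() != hashlib.sha1(m2).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

Once the two messages reach the same internal state at a block boundary, every identical byte appended afterwards (including the length padding) is processed identically, which is the w1/w2 result above; an independent hash such as SHA-1 over the same inputs still tells them apart.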

But how about

    $ md5 -s windows
    MD5 ("windows") = 0f4137ed1502b5045d6083aa258b5c42

Conclusions
- The Internet is not completely broken
- The affected CAs are switching to SHA-1