Presentation is loading. Please wait.

Presentation is loading. Please wait.

Your Security in the IT Market www.i.cz Beyond the MD5 Collisions Daniel Joščák, S.ICZ a.s. & MFF UK 04/05/2007, SPI Brno.

Published bySelena Gary Modified over 9 years ago

Similar presentations

Presentation on theme: "Your Security in the IT Market www.i.cz Beyond the MD5 Collisions Daniel Joščák, S.ICZ a.s. & MFF UK 04/05/2007, SPI Brno."— Presentation transcript:

1 Your Security in the IT Market www.i.cz Beyond the MD5 Collisions Daniel Joščák, S.ICZ a.s. & MFF UK 04/05/2007, SPI Brno

2 Your Security in the IT Market www.i.cz Chewing functions

3 Your Security in the IT Market www.i.cz Chewing functions

4 Your Security in the IT Market www.i.cz Iterated hash functions ►We would like to have a hash function h h : {0,1}* → {0,1} n ►We have so-called compression function f f : {0,1} b → {0,1} n ►Pad a message m to be a multiple of b bits long ►Iterate the compression function f

5 Your Security in the IT Market www.i.cz Collisions in MD5 ►Messages (M0||M1) ≠ (N0||N1), h (M0||M1) = h (N0||N1) ►We have real collisions producing algorithms and methods ●Wang et al. 04 ●Klíma 05 ●Liang and Lai 05 ●Stevens 05 and 06 (new target collisions) ●…

6 Your Security in the IT Market www.i.cz Attempts to improve MD5 ►3C, 3C+, … constructions by Gauravaram, Millan, Dawson, and Viswanathan 06 ►Ring Iterative Structures by Su, Yang, Yang, Zhang 06. ►Keep the compression function f and change Merkle-Damgård construction to obtain “better” function

7 Your Security in the IT Market www.i.cz Attempts to improve MD5 3C 3C+ Single Feedback Multiple Feedback

8 Your Security in the IT Market www.i.cz Properties of the collisions ►Messages (M0||M1) ≠ (N0||N1), h (M0||M1) = h (N0||N1) ►Fixed message and chaining differences: ●Δ0 = M0 − N0 = (0, 0, 0, 0, 2^31, 0, 0, 0, 0, 0, 0, +2^15, 0, 0, 2^31, 0) ●Δ1 = M1 − N1 = (0, 0, 0, 0, 2^31, 0, 0, 0, 0, 0, 0, −2^15, 0, 0, 2^31, 0) ●δ = IV1 − IV’1 = f(IV, M0) − f(IV, N0) = (2^31, 2^31 + 2^25, 2^31 + 2^25, 2^31 + 2^25)

9 Your Security in the IT Market www.i.cz 4-block collisions for 3C ►Algorithms work for any IV and have the fixed chaining differences ►We can find (M1||M2||M3||M4) ≠ (N1||N2||N3||N4) s.t. ●h 3C (M1||M2||M3||M4) = h 3C (N1||N2||N3||N4) ►Find 2 pairs of MD5 collisions such that: ●h(IV 0,M1||M2) = h(IV 0,N1||N2) = IV 2, ●h(IV 2,M3||M4) = h(IV 2,N3||N4).

10 Your Security in the IT Market www.i.cz 5-block collisions for 3C+ ►(M1||M2||M3||M4||M5) ≠ (N1||N2||N3||N4||N5) such that ●h 3C+ (M1||M2||M3||M4||M5) = h 3C+ (N1||N2||N3||N4||N5) ►Find 2 pairs of MD5 collisions such that: ●M1 = N1 ●h(IV 1,M2||M3) = h(IV 1,N2||N3) = IV 2, ●h(IV 3,M4||M5) = h(IV 3,N4||N5).

11 Your Security in the IT Market www.i.cz 4-block collisions for simple feedback ring iterative struct. ►We can find (M1||M2||M3||M4) ≠ (N1||N2||N3||N4) s.t. ●h sf (M1||M2||M3||M4) = h sf (N1||N2||N3||N4) ►Find just one pair of MD5 collisions: ●M1 = N1 ●h(IV 1,M2||M3) = h(IV 1,N2||N3), ●M4 = N4.

12 Your Security in the IT Market www.i.cz Conclusions ►Be aware of quick “secure” changes in algorithms ►Time for Advanced Hash Standard ●Competition Organized by NIST ●Submission deadline 3Q 2008 ►Problems are gift (Bruno Buchberger)

13 Your Security in the IT Market www.i.cz Thank you for your attention. Daniel Joščák daniel.joscak@i.cz +420 724 429 248 S.ICZ a.s. www.i.cz MFF UK, Dept. of Algebra

Download ppt "Your Security in the IT Market www.i.cz Beyond the MD5 Collisions Daniel Joščák, S.ICZ a.s. & MFF UK 04/05/2007, SPI Brno."

Similar presentations

Which Hash Functions will survive?

Which Hash Functions will survive?
Applications of SAT Solvers to Cryptanalysis of Hash Functions

Applications of SAT Solvers to Cryptanalysis of Hash Functions
Hashes and Message Digests

Hashes and Message Digests
EFORWOOD Tools for Sustainability Impact Assessment of the Forestry-Wood Chain EFORWOOD Tools for Sustainability Impact Assessment of the Forestry-Wood.

EFORWOOD Tools for Sustainability Impact Assessment of the Forestry-Wood Chain EFORWOOD Tools for Sustainability Impact Assessment of the Forestry-Wood.
5-2 Parallel and Perpendicular Lines Warm Up Problem of the Day

5-2 Parallel and Perpendicular Lines Warm Up Problem of the Day
Bayesian Belief Propagation

Bayesian Belief Propagation
11.1 Vis_04 Data Visualization Lecture 11 Information Presentation.

11.1 Vis_04 Data Visualization Lecture 11 Information Presentation.
P2N: Cloud Control David Tarrant Ben OSteen

P2N: Cloud Control David Tarrant Ben OSteen
Visual Formalisms Message Sequence Charts Book: Chapter 10.

Visual Formalisms Message Sequence Charts Book: Chapter 10.
Merkle Damgard Revisited: how to Construct a hash Function

Merkle Damgard Revisited: how to Construct a hash Function
Then/Now You named angle pairs formed by parallel lines and transversals. Use theorems to determine the relationships between specific pairs of angles.

Then/Now You named angle pairs formed by parallel lines and transversals. Use theorems to determine the relationships between specific pairs of angles.
Chapter 8 Recursion. 8.1 Recursively Defined Sequences.

Chapter 8 Recursion. 8.1 Recursively Defined Sequences.
October 2nd 2013 * 13:30 – 17:30 * SZA Vienna

October 2nd 2013 * 13:30 – 17:30 * SZA Vienna
Princess Sumaya University

Princess Sumaya University
EPI809/Spring 20081 Fishers Exact Test Fishers Exact Test is a test for independence in a 2 X 2 table. It is most useful when the total sample size and.

EPI809/Spring Fishers Exact Test Fishers Exact Test is a test for independence in a 2 X 2 table. It is most useful when the total sample size and.
Karnaugh Map Adjacent Squares

Karnaugh Map Adjacent Squares
Karnaugh Map Adjacent Squares

Karnaugh Map Adjacent Squares
Summer ’12 AP Computer Science. 2012 APCS Summer Assignments Read thoroughly this ppt and solve examples 6 and 7.

Summer ’12 AP Computer Science APCS Summer Assignments Read thoroughly this ppt and solve examples 6 and 7.
Computer Science and Engineering Diversified Spatial Keyword Search On Road Networks Chengyuan Zhang 1,Ying Zhang 2,1,Wenjie Zhang 1, Xuemin Lin 3,1, Muhammad.

Computer Science and Engineering Diversified Spatial Keyword Search On Road Networks Chengyuan Zhang 1,Ying Zhang 2,1,Wenjie Zhang 1, Xuemin Lin 3,1, Muhammad.
QED: A Simplifier for Concurrent Programs Shaz Qadeer Microsoft Research Joint work with Tayfun ElmasAli SezginSerdar Tasiran.

QED: A Simplifier for Concurrent Programs Shaz Qadeer Microsoft Research Joint work with Tayfun ElmasAli SezginSerdar Tasiran.

Similar presentations

Ads by Google