• Welcome to Valhalla Legends Archive.
 

SHA1 Broken

Started by dxoigmn, February 15, 2005, 08:46 PM


quasi-modo

Quote from: j0k3r on February 19, 2005, 08:46 AM
Quote from: quasi-modo on February 18, 2005, 05:23 PM
It is great for dbs. You encrypt passwords / credit card numbers. It is not meant to be decrypted really.
What would be the purpose of SHA-1'ing a credit card number, would they not need it for billing purposes?
Some sites use it for identification purposes. Same as a social. For instance, my online banking uses my social. Paypal can use a credit card number.
WAR EAGLE!
Quote:
(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Arta

#16
The attack that has been found on SHA-1 wouldn't enable anyone to retrieve plaintext from the hash.

What the attack does is to allow you to find collisions more quickly, which makes a birthday attack possible.

quasi-modo

Quote from: Arta[vL] on February 19, 2005, 03:07 PM
The attack that has been found on SHA-1 wouldn't enable anyone to retrieve plaintext from the hash.

What the attack does is to allow you to find collisions more quickly, which makes a birthday attack possible.
Well, it does not really need to let you retrieve text... it just needs to let you log in as someone else.

Arta

I don't see how this attack makes that more likely than it was before?

quasi-modo

#19
Quote from: Arta[vL] on February 23, 2005, 08:36 AM
I don't see how this attack makes that more likely than it was before?
If sha-1 is vulnerable (I do not know how this attack works exactly), and sha-1 is what the passwords are encrypted in, then if sha-1 were broken, would it not allow you to log in as someone else more easily?

Birthday is no longer really a threat if you salt the password field with an id field or something.... it would turn into a conventional brute force at that point.

I do not know much about what this new attack does, only what was in the OP. All I know is md5 was broken a long time ago but it is still pretty secure and still widely used.
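
An added worked example (not code from the thread) of the salting point made above: with unsalted SHA-1, one precomputed dictionary table cracks every row at once and identical passwords are visibly identical; salting each row with its id field forces the attacker to rehash the dictionary per user, which is the "conventional brute force" the post describes. The user table, the word list and the `id:password` salting layout are constructed for this demonstration.

```python
"""Unsalted vs. per-user salted SHA-1 password storage (added example).

Constructed example: the user table, the attacker's dictionary and the use of
the user id as the salt are assumptions for this demonstration, not the
thread's code or any real system's scheme.
"""
import hashlib

# Constructed: a small user table. Two users share the password "hunter2".
USERS = {
    "1001": b"hunter2",
    "1002": b"letmein",
    "1003": b"hunter2",
    "1004": b"c0rrecth0rse!",   # deliberately not in the attacker's dictionary
}

# Constructed: the attacker's word list.
DICTIONARY = [b"password", b"123456", b"hunter2", b"letmein", b"qwerty"]


def unsalted_hash(password: bytes) -> str:
    """Plain SHA-1 of the password: same password, same hash, for every user."""
    return hashlib.sha1(password).hexdigest()


def salted_hash(user_id: str, password: bytes) -> str:
    """Salt with the id field, as the post suggests. The id is predictable,
    but it differs per row, which is all a salt needs to break shared tables."""
    return hashlib.sha1(user_id.encode() + b":" + password).hexdigest()


def store_unsalted(users: dict) -> dict:
    return {uid: unsalted_hash(pw) for uid, pw in users.items()}


def store_salted(users: dict) -> dict:
    return {uid: salted_hash(uid, pw) for uid, pw in users.items()}


def crack_unsalted(stored: dict, dictionary: list):
    """One precomputed table serves every row: hash each word once, then look
    every stored hash up. Returns (cracked, number_of_hash_calls)."""
    table = {unsalted_hash(w): w for w in dictionary}
    cracked = {uid: table[hv] for uid, hv in stored.items() if hv in table}
    return cracked, len(dictionary)


def crack_salted(stored: dict, dictionary: list):
    """The salt defeats the shared table: the dictionary must be rehashed for
    each row, i.e. a conventional brute force per user.
    Returns (cracked, number_of_hash_calls)."""
    cracked, calls = {}, 0
    for uid, hv in stored.items():
        for w in dictionary:
            calls += 1
            if salted_hash(uid, w) == hv:
                cracked[uid] = w
                break
    return cracked, calls


if __name__ == "__main__":
    u = store_unsalted(USERS)
    s = store_salted(USERS)
    print("unsalted: users 1001 and 1003 share a hash:", u["1001"] == u["1003"])
    print("salted:   users 1001 and 1003 share a hash:", s["1001"] == s["1003"])
    print("unsalted attack (cracked, hash calls):", crack_unsalted(u, DICTIONARY))
    print("salted attack   (cracked, hash calls):", crack_salted(s, DICTIONARY))
```

Both attacks recover the same three weak passwords; the salt only changes the price, from one pass over the dictionary to one pass per user, and hides which users share a password. Because SHA-1 is fast, that per-user pass is still cheap, so the salt removes the shared-table shortcut without making individual guesses expensive.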

Arta

The attack makes it considerably easier (2^69 instead of 2^80) to find plaintexts that cause collisions. That is, given a plaintext P1, it is now much easier to find a plaintext P2 such that SHA1(P1) == SHA1(P2).

That's why this vulnerability facilitates a birthday attack. A typical example might be to take a document (for example, a contract), D1, that is signed using SHA1 to ensure that it has not been modified in transit. If Mallory wants to tamper with this document, they could do it by making the change they need, and then making lots of small, imperceptible changes (for example adding spaces), until they had a document D2, such that H(D1) == H(D2). Mallory can then send this document to the victim, and claim that it is the original. The victim will check the hashes, which will be the same, and will not be aware of the changes made.

It's a simplistic example but it illustrates the most serious problem raised by this vulnerability.

It does also make it easier to brute force the plaintext used to generate hashes, but 2^69 is still a lot of work, so that shouldn't be a problem in the immediate future.
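
An added worked example (not code from the post) of the two searches discussed above, run against SHA-1 truncated to a few bits so both finish in seconds. It separates two cases the scenario above blurs together: if Mallory must match a document that is already signed, she is searching for a second preimage, which costs about 2^n hash calls for an n-bit hash; if she can prepare both the benign and the tampered document before anyone signs, she runs a birthday search that collides the two pools after about 2^(n/2) hashes per pool. The 2^69 figure is a speed-up of the second kind. The contract text, the whitespace encoding and the truncation width are constructed for this demonstration.

```python
"""Second-preimage vs. birthday collision search on a truncated SHA-1
(added example). Constructed: the contract text, the whitespace encoding of the
counter and the truncation width are assumptions for this demonstration; they
are not from the original post. Full SHA-1 is 160 bits."""
import hashlib

# Truncating to 18 bits makes a second-preimage search cost about 2^18 (~260k)
# hash calls and a birthday search about 2^9 (~500) per pool.
BITS = 18

# Constructed documents: what Alice actually signs, and what Mallory wants.
CONTRACT = b"Alice agrees to pay Bob 100 dollars on 1 March 2005.\n"
TAMPERED = b"Alice agrees to pay Bob 100000 dollars on 1 March 2005.\n"


def h(data: bytes, bits: int = BITS) -> int:
    """Leading `bits` bits of SHA-1(data) as an integer: a toy n-bit hash."""
    nbytes = (bits + 7) // 8
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest[:nbytes], "big") >> (8 * nbytes - bits)


def whitespace_tag(i: int) -> bytes:
    """Encode counter i as trailing spaces (1 bits) and tabs (0 bits): the
    'imperceptible changes' of the post. Distinct i give distinct tags."""
    return bytes(0x20 if (i >> k) & 1 else 0x09
                 for k in range(i.bit_length() or 1))


def second_preimage(signed: bytes, wanted: bytes, bits: int = BITS):
    """Mallory already holds SIGNED and must find a variant of WANTED with the
    same hash. Each try succeeds with probability 2^-bits, so the expected cost
    is 2^bits hash calls. Returns (tries, forged_document)."""
    target = h(signed, bits)
    for i in range(1 << (bits + 6)):          # cap; chance of hitting it ~e^-64
        candidate = wanted + whitespace_tag(i)
        if h(candidate, bits) == target:
            return i + 1, candidate
    raise RuntimeError("no second preimage found within the cap")


def birthday_collision(benign: bytes, malicious: bytes, bits: int = BITS):
    """Mallory prepares BOTH documents before anything is signed, growing two
    pools of variants until a benign variant and a malicious variant share a
    hash (expected about 2^(bits/2) hashes per pool). She then has Alice sign
    the benign variant and swaps in the malicious one.
    Returns (benign_variant, malicious_variant, hash_calls)."""
    benign_seen: dict = {}
    malicious_seen: dict = {}
    for i in range(1 << (bits + 6)):
        b = benign + whitespace_tag(i)
        hb = h(b, bits)
        if hb in malicious_seen:
            return b, malicious_seen[hb], 2 * i + 1
        benign_seen[hb] = b
        m = malicious + whitespace_tag(i)
        hm = h(m, bits)
        if hm in benign_seen:
            return benign_seen[hm], m, 2 * i + 2
        malicious_seen[hm] = m
    raise RuntimeError("no collision found within the cap")


if __name__ == "__main__":
    tries, forged = second_preimage(CONTRACT, TAMPERED)
    print(f"second preimage after {tries} tries; {BITS}-bit hashes equal:",
          h(CONTRACT) == h(forged))
    good, bad, calls = birthday_collision(CONTRACT, TAMPERED)
    print(f"birthday collision after {calls} hashes; {BITS}-bit hashes equal:",
          h(good) == h(bad))
```

Run it a few times and the birthday search finishes in a few hundred hashes while the second-preimage search needs on the order of 2^18; scaling the same two curves to 160 bits is the difference between the 2^80 generic collision bound quoted above and the 2^160 a second preimage would cost, which is why a collision attack threatens documents Mallory authored herself, not ones that were already signed before she saw them.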

dxoigmn

Quote from: Arta[vL] on February 23, 2005, 05:18 PM
The attack makes it considerably easier (2^69 instead of 2^80) to find plaintexts that cause collisions. That is, given a plaintext P1, it is now much easier to find a plaintext P2 such that SHA1(P1) == SHA1(P2).

That's why this vulnerability facilitates a birthday attack. A typical example might be to take a document (for example, a contract), D1, that is signed using SHA1 to ensure that it has not been modified in transit. If Mallory wants to tamper with this document, they could do it by making the change they need, and then making lots of small, imperceptible changes (for example adding spaces), until they had a document D2, such that H(D1) == H(D2). Mallory can then send this document to the victim, and claim that it is the original. The victim will check the hashes, which will be the same, and will not be aware of the changes made.

It's a simplistic example but it illustrates the most serious problem raised by this vulnerability.

It does also make it easier to brute force the plaintext used to generate hashes, but 2^69 is still a lot of work, so that shouldn't be a problem in the immediate future.

Even the example you gave is highly unlikely. I think the point is that once you find a small hole in a hashing algorithm, pretty soon someone is going to find a bigger hole. Generally, the security of a hashing algorithm doesn't increase but decreases over time; however, these kinds of exploits only make it decrease quicker.

iago

Just a picky little note, this isn't an "exploit", it's a vulnerability or weakness.
This'll make an interesting test for broken AV:
Quote:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


dxoigmn

Quote from: iago on February 24, 2005, 10:09 PM
Just a picky little note, this isn't an "exploit", it's a vulnerability or weakness.

Yes, good catch :)