Sha-1 Collision

© University of South Wales

Hashes and the SHA-1 CollisionAn updated guide to hashes in IT security

Clare Johnson, Lecturer in Cyber Security, University of South [email protected]


the quick brown dog

fox

the quick brown fox ced71fa7235231bed383facfdc41c4ddcc22ecf1

ff0f0a8b656f0b44c26933acd2e367b6c1211290

4860129fbb3e4a0d5e52e388e5a660dcbb5d3df6hash function

Numeric output of fixed length

Text input of variable length

What are hashes?• Hashes are mathematical functions (or algorithms)

that take a string of data of a variable length and turn it into a numeric string of fixed length

hash function

hash function


Examples• Any amount of data is converted to a fixed-length

“fingerprint”• Cannot be reversed• Any change in the input results in a completely

different hash.hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542


Why use hashes?• Hashes are used in databases to make it easier /

faster to search for data• We are interested in the hashes that are used for data

encryption – this may be:– To store sensitive data in encrypted format– To ensure integrity of data


Important Properties• A hash is unique, but always repeatable

– The word ‘cat’ will hash to something that no other word will hash to, but it will always hash to the same thing

• The function is one way– If you are given the hash value for ‘cat’ you will never be

able to reverse hash it back to the word ‘cat’.

cat 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50


Cryptographic Hash Functions• Computationally infeasible to reverse• SHA-1

– Produces a string of 160 bits– Specification finalised in 1995

• MD5– Quicker to compute than SHA-1– Known to have been attacked


Overview of hash use in passwordsExample for account registration

1. User creates an account2. Password is hashed and stored (as a hash) in the database3. When the user attempts to log in, the hash of the password they

enter is checked against the hash of their real password4. If the hashes match, the user is granted access. 5. Steps 3 and 4 repeat every time a user tries to log in.


THIS IS THE PROCESS IN BRIEF FOR SHA-1

Hold on to your hats…


Take your word and convert• Original word

– Cat• Convert to ASCII

– 99 97 116• Convert ASCII codes to binary

– 01100011 01100001 01110100• Join together and add a 1 to the end

– 0110001101100001011101001


Add a load of zeros…• The number of digits in your message divided by 512 must

have a remainder of 448, so add as many zeros as necessary to get a remainder of 448– 0110001101100001011101001

• My message length is 25 (8 * 3 +1)– 448 – 25 = 423

• Therefore, add 423 zeros to my message, then it will be 448 digits long– 448 / 512 is 0 remainder 448


More padding is added• The length of the original message is added next, but it must equal 64 bits, so

in our case, as the length was 25, I add the binary of 25 (00011001) preceded by 56 zeros (because 8 digits plus 56 digits = 64 digits) to the end of my message.

• Looks like this:• 0110001101100001011101001000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011001


Chunk and process• Break the string into chunks of 512 (ours is already 512)• Break the chunks into 16 x 32 bit words• Extend each group of 16 words to 80 words via a looped

algorithm– 4 words selected– XOR the words together eg

• a 1 and a zero becomes a 1 (1 + 0 = 1)• a zero and a zero becomes a 0 (0 + 0 = 0)• a 1 and a 1 becomes a 0 (1 + 1 = 0)• a 0 and a 1 becomes a 1 (0 + 1 = 1)


Chunk and process further• The new word is left rotated by 1

– The first character is removed and added to the end of the word• The word is added to the next vacant slot (ie on the first loop this will

become word number 16) until there are 80 words in total• A series of functions is carried out on each word, depending on the

number of the word (eg words 0-19 use function 1)• Words are ‘added’ together, and additional digits are truncated.• Convert back to hex

– 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50

– VOILA!!!


SHA-1 is broken• On 23 February 2017, Google created a SHA-1 collision which they

named ‘SHAttered’• Two distinct PDF files generated the same SHA-1 digest• This is important since it means both files will be trusted even though

one is not the original• Could be used for malware purposes


Who uses SHA-1 anyway?• SHA-1 was deprecated by NIST in 2011• Chrome will warn you not to trust a site’s SSL certificate if it

uses SHA-1• Firefox reacted to the SHA-1 collision by deprecating it on 24

Feb 17• Microsoft still uses SHA-1 and is planning to deprecate it later

this year, although IE11 and Edge will not show the lock icon on sites with an SHA-1 certificate

• There may be instances where the use of SHA-1 is not significant – see NIST’s NSRL report.

http://www.nsrl.nist.gov/collisionSHA1.html


How realistic is an attack?• Researchers used a vast amount of computational power to

generate this attack• The attack required over 9,223,372,036,854,775,808 SHA-1

computations, equivalent to 110 years of single-GPU computations

• But… remember that computers are getting quicker and more powerful

• Google will publicly release the code allowing anyone to create a pair of PDFs that hash to the same SHA-1 in 90 days


ReferencesThe first website listed is the one mainly used for the walkthrough in this presentation, where you can hash your own word and see the exact process in action:

• Metamorphosite (2008) Available at: http://www.metamorphosite.com/one-way-hash-encryption-sha1-data-software (Accessed: 8/10/15)

• Defuse Security (2016) Crackstation Salted Password Hashing. Available at: https://crackstation.net/hashing-security.htm (Accessed: 26/02/17)

• Fox-Brewster, T. (2017) Google just ‘shattered’ an old crypto algorithm. Available at: https://www.forbes.com/sites/thomasbrewster/2017/02/23/google-sha-1-hack-why-it-matters/#3d51944c4c8c (Accessed: 26/02/17)

• Shattered (2017). Available at: https://shattered.io/ (Accessed: 26/02/17)

http://www.metamorphosite.com/one-way-hash-encryption-sha1-data-software



https://crackstation.net/hashing-security.htm



https://www.forbes.com/sites/thomasbrewster/2017/02/23/google-sha-1-hack-why-it-matters/%233d51944c4c8c



https://shattered.io/



Sha-1 Collision

Technology

Transcript of Sha-1 Collision