Sha-1 Collision
Transcript of Sha-1 Collision
© University of South Wales

Hashes and the SHA-1 Collision
An updated guide to hashes in IT security
Clare Johnson, Lecturer in Cyber Security, University of South Wales

What are hashes?
• Hashes are mathematical functions (or algorithms) that take a string of data of a variable length and turn it into a numeric string of fixed length
[Diagram: text input of variable length (“the quick brown dog”, “fox”, “the quick brown fox”) → hash function → numeric output of fixed length (ced71fa7235231bed383facfdc41c4ddcc22ecf1, ff0f0a8b656f0b44c26933acd2e367b6c1211290, 4860129fbb3e4a0d5e52e388e5a660dcbb5d3df6)]

Examples
• Any amount of data is converted to a fixed-length “fingerprint”
• Cannot be reversed
• Any change in the input results in a completely different hash.
hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366
hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542

Why use hashes?
• Hashes are used in databases to make it easier / faster to search for data
• We are interested in the hashes that are used for data encryption – this may be:
– To store sensitive data in encrypted format
– To ensure integrity of data

Important Properties
• A hash is unique, but always repeatable
– The word ‘cat’ will hash to something that no other word will hash to, but it will always hash to the same thing
• The function is one way
– If you are given the hash value for ‘cat’ you will never be able to reverse hash it back to the word ‘cat’.
cat → 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50

Cryptographic Hash Functions
• Computationally infeasible to reverse
• SHA-1
– Produces a string of 160 bits
– Specification finalised in 1995
• MD5
– Quicker to compute than SHA-1
– Known to have been attacked

Overview of hash use in passwords
Example for account registration
1. User creates an account
2. Password is hashed and stored (as a hash) in the database
3. When the user attempts to log in, the hash of the password they enter is checked against the hash of their real password
4. If the hashes match, the user is granted access.
5. Steps 3 and 4 repeat every time a user tries to log in.
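
The registration and login steps above as an added Python example, not code from the presentation. The per-user random salt, the PBKDF2 iteration count, the in-memory `users` store and all function names are assumptions made here; the unsalted SHA-1 function is included only to show why a bare hash is weaker for stored passwords.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this example
users = {}             # stand-in for the database: username -> (salt, stored hash)

def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username: str, password: str) -> None:
    """Steps 1-2: hash the new password with a fresh salt and store only the hash."""
    salt = os.urandom(16)
    users[username] = (salt, slow_hash(password, salt))

def login(username: str, password: str) -> bool:
    """Steps 3-4: hash the attempt with the stored salt and compare the hashes."""
    record = users.get(username)
    if record is None:
        return False
    salt, stored = record
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(stored, slow_hash(password, salt))

def unsalted_sha1(password: str) -> str:
    """The bare scheme: every user with this password gets the same stored hash."""
    return hashlib.sha1(password.encode()).hexdigest()

if __name__ == "__main__":
    register("alice", "correct horse")   # constructed sample accounts
    register("bob", "correct horse")
    print(login("alice", "correct horse"), login("alice", "wrong guess"))
    print(users["alice"][1] != users["bob"][1])   # salts make the stored hashes differ
```
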

THIS IS THE PROCESS IN BRIEF FOR SHA-1
Hold on to your hats…

Take your word and convert
• Original word
– cat
• Convert to ASCII
– 99 97 116
• Convert ASCII codes to binary
– 01100011 01100001 01110100
• Join together and add a 1 to the end
– 0110001101100001011101001

Add a load of zeros…
• The number of digits in your message divided by 512 must have a remainder of 448, so add as many zeros as necessary to get a remainder of 448
– 0110001101100001011101001
• My message length is 25 (8 * 3 + 1)
– 448 – 25 = 423
• Therefore, add 423 zeros to my message, then it will be 448 digits long
– 448 / 512 is 0 remainder 448

More padding is added
• The length of the original message is added next, but it must equal 64 bits, so in our case, as the length was 25, I add the binary of 25 (00011001) preceded by 56 zeros (because 8 digits plus 56 digits = 64 digits) to the end of my message.
• Looks like this:
0110001101100001011101001000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011001

Chunk and process
• Break the string into chunks of 512 (ours is already 512)
• Break the chunks into 16 x 32 bit words
• Extend each group of 16 words to 80 words via a looped algorithm
– 4 words selected
– XOR the words together, e.g.
  • a 1 and a zero becomes a 1 (1 + 0 = 1)
  • a zero and a zero becomes a 0 (0 + 0 = 0)
  • a 1 and a 1 becomes a 0 (1 + 1 = 0)
  • a 0 and a 1 becomes a 1 (0 + 1 = 1)

Chunk and process further
• The new word is left rotated by 1
– The first character is removed and added to the end of the word
• The word is added to the next vacant slot (i.e. on the first loop this will become word number 16) until there are 80 words in total
• A series of functions is carried out on each word, depending on the number of the word (e.g. words 0-19 use function 1)
• Words are ‘added’ together, and additional digits are truncated.
• Convert back to hex
– 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50
– VOILA!!!

SHA-1 is broken
• On 23 February 2017, Google created a SHA-1 collision which they named ‘SHAttered’
• Two distinct PDF files generated the same SHA-1 digest
• This is important since it means both files will be trusted even though one is not the original
• Could be used for malware purposes

Who uses SHA-1 anyway?
• SHA-1 was deprecated by NIST in 2011
• Chrome will warn you not to trust a site’s SSL certificate if it uses SHA-1
• Firefox reacted to the SHA-1 collision by deprecating it on 24 Feb 17
• Microsoft still uses SHA-1 and is planning to deprecate it later this year, although IE11 and Edge will not show the lock icon on sites with an SHA-1 certificate
• There may be instances where the use of SHA-1 is not significant – see NIST’s NSRL report.

How realistic is an attack?
• Researchers used a vast amount of computational power to generate this attack
• The attack required over 9,223,372,036,854,775,808 SHA-1 computations, equivalent to 110 years of single-GPU computations
• But… remember that computers are getting quicker and more powerful
• Google will publicly release the code allowing anyone to create a pair of PDFs that hash to the same SHA-1 in 90 days

References
The first website listed is the one mainly used for the walkthrough in this presentation, where you can hash your own word and see the exact process in action:
• Metamorphosite (2008) Available at: http://www.metamorphosite.com/one-way-hash-encryption-sha1-data-software (Accessed: 8/10/15)
• Defuse Security (2016) Crackstation Salted Password Hashing. Available at: https://crackstation.net/hashing-security.htm (Accessed: 26/02/17)
• Fox-Brewster, T. (2017) Google just ‘shattered’ an old crypto algorithm. Available at: https://www.forbes.com/sites/thomasbrewster/2017/02/23/google-sha-1-hack-why-it-matters/#3d51944c4c8c (Accessed: 26/02/17)
• Shattered (2017). Available at: https://shattered.io/ (Accessed: 26/02/17)