
SHA-1 collision found

Lukáš Miňo, Richard Bartuš

Contents

What is a hash function
MD5 (Message-Digest Algorithm)
    Briefly about MD5
    Vulnerability
    Applications
    Examples
SHA (Secure Hash Algorithm)
    SHA-0
    SHA-1
        Cryptanalysis
        SHA-1 collision
    SHA-2
        Cryptanalysis
        Applications
Example hashes
    SHA-1 algorithm
    SHA-2 algorithm
    SHA-256
    SHA-512
Comparison between SHA-1 and SHA-2
Literature

What is a hash function

A hash function is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data. The algorithm "chops and mixes" (for instance, substitutes or transposes) the data to create such fingerprints. The fingerprints are called hash sums, hash values, hash codes or simply hashes. (Note that hashes can also mean the hash functions.) Hash sums are commonly used as indices into hash tables or intermediate hash files. Cryptographic hash functions are used for various purposes in information security applications.

MD5 (Message-Digest Algorithm)

Briefly about MD5

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files.
An MD5 hash is typically expressed as a 32-character hexadecimal number.

MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found vulnerable itself). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable. In 2007 a group of researchers including Arjen Lenstra described how to create a pair of files that share the same MD5 checksum.

Vulnerability

Because MD5 makes only one pass over the data, if two prefixes with the same hash can be constructed, a common suffix can be added to both to make the collision more reasonable. Because the current collision-finding techniques allow the preceding hash state to be specified arbitrarily, a collision can be found for any desired prefix; that is, for any given string of characters X, two colliding files can be determined which both begin with X. All that is required to generate two colliding files is a template file, with a 128-byte block of data aligned on a 64-byte boundary, that can be changed freely by the collision-finding algorithm.

Recently, a number of projects have created MD5 "rainbow tables" which are easily accessible online, and can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of password cracking. However, if passwords are combined with a salt before the MD5 digest is generated, rainbow tables become much less useful. The use of MD5 in some websites' URLs means that Google can also sometimes function as a limited tool for reverse lookup of MD5 hashes. This technique is rendered ineffective by the use of a salt.
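The common-suffix property described at the start of this section can be seen on a toy single-pass hash. This is an added example, not code from the original paper: the 8-byte block, the 16-bit chaining state and the compression function built from truncated SHA-256 are all assumptions chosen so that a collision is found in well under a second. It says nothing about how real MD5 collisions are computed.

```python
import hashlib
from itertools import count

BLOCK = 8        # toy block size in bytes (MD5 uses 64)
STATE_BYTES = 2  # toy 16-bit chaining state, so a collision is cheap to find
IV = b"\x00" * STATE_BYTES

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function (assumption): truncated SHA-256 of state || block."""
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]

def absorb(data: bytes, state: bytes = IV) -> bytes:
    """Single pass over whole blocks, carrying the chaining state forward."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def pad(msg: bytes) -> bytes:
    """MD-style padding: 0x80, zero fill, then the bit length in the last 4 bytes."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 4) % BLOCK)
    return padded + (len(msg) * 8).to_bytes(4, "big")

def toy_hash(msg: bytes) -> bytes:
    return absorb(pad(msg))

def find_colliding_prefixes():
    """Birthday search: two different one-block prefixes with the same state."""
    seen = {}
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        state = absorb(block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def collision_survives_suffix(suffix: bytes) -> bool:
    """Equal state after the prefixes means any shared suffix hashes identically."""
    a, b = find_colliding_prefixes()
    return a != b and toy_hash(a + suffix) == toy_hash(b + suffix)

if __name__ == "__main__":
    a, b = find_colliding_prefixes()
    print(a.hex(), b.hex(), toy_hash(a + b"common suffix").hex())
```

Once the two prefixes leave the chaining state equal, every later block, including the length padding, is processed identically, which is why the digest alone cannot distinguish the two messages.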
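The effect of a salt on precomputed lookups, as an added example that is not part of the original paper. The word list and the lookup table are constructed sample data standing in for an online MD5 table; the salted, iterated storage uses PBKDF2-HMAC-SHA256 from the Python standard library, which is a substitution made here and not the scheme the paper describes.

```python
import hashlib
import hmac
import os

COMMON = ["123456", "password", "qwerty", "letmein"]  # constructed sample list

# Precomputed digest -> input table, standing in for an online MD5 lookup.
LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}

def unsalted_md5(password: str) -> str:
    """Weak storage: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_md5(password: str, salt: bytes) -> str:
    """Salt combined with the password before hashing, as the text describes."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def reverse_lookup(digest_hex: str):
    """Return the precomputed input for a digest, or None if it is not in the table."""
    return LOOKUP.get(digest_hex)

def new_record(password: str, iterations: int = 100_000):
    """Salted and iterated storage (key strengthening) with PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)  # fresh random salt per stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)
```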
Applications

MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 checksum for the files, so that a user can compare the checksum of the downloaded file to it. Unix-based operating systems include MD5 sum utilities in their distribution packages, whereas Windows users use third-party applications.

However, now that it is easy to generate MD5 collisions, it is possible for the person who created the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. Also, in some cases the checksum cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files.

MD5 is widely used to store passwords. To mitigate against the vulnerabilities mentioned above, one can add a salt to the passwords before hashing them. Some implementations may apply the hashing function more than once (see key strengthening).

Examples

The 128-bit (16-byte) MD5 hashes (also termed message digests) are typically represented as a sequence of 32 hexadecimal digits. The following demonstrates a 43-byte ASCII input and the corresponding MD5 hash:

MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6

Even a small change in the message will (with overwhelming probability) result in a completely different hash, due to the avalanche effect.
For example, changing d to e:

MD5("The quick brown fox jumps over the lazy eog") = ffd93f16876049265fbaef4da268dd0e

The hash of the zero-length string is:

MD5("") = d41d8cd98f00b204e9800998ecf8427e

SHA (Secure Hash Algorithm)

The SHA hash functions are five cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. Hash algorithms compute a fixed-length digital representation (known as a message digest) of an input data sequence (the message) of any length. They are called “secure” when (in the words of the standard), “it is computationally infeasible to:

1. find a message that corresponds to a given message digest, or
2. find two different messages that produce the same message digest.

Any change to a message will, with a very high probability, result in a different message digest.”

The five algorithms are denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. SHA-224, SHA-256, SHA-384, and SHA-512 are sometimes collectively referred to as SHA-2. SHA-1 produces a message digest that is 160 bits long. SHA-224, SHA-256, SHA-384, and SHA-512 denote the bit length of the digest they produce.

The Secure Hash Algorithm (SHA), developed by NIST, along with the NSA, for use with the Digital Signature Standard (DSS) is specified within the Secure Hash Standard (SHS). SHA-1 was a revision to SHA that was published in 1994. The revision corrected an unpublished flaw in SHA. SHA is a cryptographic message digest algorithm similar to the MD4 family of hash functions developed by Rivest. It differs in that it adds an additional expansion operation and an extra round, and the whole transformation was designed to accommodate the DSS block size for efficiency.
The Secure Hash Algorithm takes a message of less than 2^64 bits in length and produces a 160-bit message digest, which is designed so that it should be computationally expensive to find a text which matches a given hash. For example, if you have a hash for document A, H(A), it is difficult to find a document B which has the same hash, and