
Hack The Hash

Short 15-minute overview of hash collision attacks


Nathaniel McHugh

June 05, 2015

Transcript

  1. Hack the Hash / Nathaniel McHugh @natmchugh

    Hash Functions http://localhost:8000/index.html?print-pdf#/ 1 of 11 05/06/15 12:10
  2. Hash Functions

  3. e06723d4961a0a3f950e7786f3766338

  4. Collisions: when H(m1) = H(m2) and m1 ≠ m2

    Forge signatures, distribute files with different behaviors, predict future. Not HMAC, not pre-image. Plenty in MD4, MD5, SHA0. None in full SHA1, SHA2.
  5. Brute Force: n ≈ √(−2 * ln(1−p)) * √d

    If p = 0.5 then n = 1.177 * √d. √365 = 19, √(2^128) = 2^64
  6. Wang Attack

    1. Start with random message
    2. Create another message M’ with small diffs
    3. Modify message so that certain bitwise conditions hold in intermediate state
    4. Test for collision; if not found go to 1
  7. Wang MD4: ΔM = M − M’ = (Δm0, Δm1, ......, Δm15)

    Δm1 = 2^31, Δm2 = 2^31 − 2^28, Δm12 = −2^16
  8. Merkle–Damgård

  9. Live Demo
  10. HashClash https://marc-stevens.nl/p/hashclash/
  11. Collision attack in Wild
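
The brute-force bound on slide 5, as an added example that is not part of the original deck: it evaluates n ≈ √(−2 ln(1−p)) · √d and checks it empirically against SHA-256 truncated to a few bits, which shows why digest length sets the collision-resistance ceiling. The function names, the truncation stand-in and the counter messages are assumptions constructed for this illustration.

```python
import hashlib
import math


def birthday_bound(p, d):
    """Draws needed for collision probability p among d equally likely outputs."""
    return math.sqrt(-2.0 * math.log(1.0 - p)) * math.sqrt(d)


def truncated_hash(msg, bits):
    """First `bits` bits of SHA-256(msg) as an integer (stand-in for a short hash)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits, prefix=b"constructed-sample-"):
    """Hash distinct counter messages until two share a truncated digest.

    Returns (m1, m2, tries). Messages are constructed sample data.
    """
    seen = {}
    tries = 0
    while True:
        msg = prefix + str(tries).encode()
        tries += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


if __name__ == "__main__":
    for bits in (16, 24, 32):
        expected = birthday_bound(0.5, 2 ** bits)
        m1, m2, tries = find_collision(bits)
        print(f"{bits}-bit digest: 50% bound {expected:.0f}, "
              f"collision after {tries} hashes")
        print(f"  {m1!r} and {m2!r} -> {truncated_hash(m1, bits):#x}")
    # For a 128-bit digest the same formula gives about 1.177 * 2^64 hashes.
    ratio = birthday_bound(0.5, 2 ** 128) / 2 ** 64
    print(f"128-bit digest: 50% bound is {ratio:.3f} * 2^64")
```

Each extra bit of digest length multiplies the expected work by √2, so the measured counts grow by roughly 16x between the 16-, 24- and 32-bit runs.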