Slide 1

Slide 1 text

Hack the Hash / Nathaniel McHugh @natmchugh
Hash Functions http://localhost:8000/index.html?print-pdf#/ 1 of 11 05/06/15 12:10

Slide 2

Slide 2 text


Slide 3

Slide 3 text

e06723d4961a0a3f950e7786f3766338

Slide 4

Slide 4 text

Collisions
When H(m1) = H(m2) and m1≠m2
Forge Signatures, distribute files with different behaviors, predict future
not HMAC not pre-image
Plenty in MD4, MD5, SHA0
None in full SHA1, SHA2

Slide 5

Slide 5 text

Brute Force
n ≈ √(-2 * ln(1-p)) * √d
If p=0.5 then n = 1.177 * √d
√365 = 19
√(2^128) = 2^64
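The birthday estimate above, checked against a real search. This is an added example, not code from the talk: it truncates MD5 to a small digest so a brute-force collision appears in well under a second, which shows why digest length sets the brute-force cost. The function names and the "constructed-sample-" message prefix are assumptions made for the illustration.

```python
import hashlib
import math


def birthday_n(p, d):
    """Samples needed for collision probability p among d equally likely values."""
    return math.sqrt(-2.0 * math.log(1.0 - p)) * math.sqrt(d)


def truncated_md5(msg, bits):
    """Top `bits` bits of MD5(msg) as an integer (a deliberately tiny digest)."""
    return int.from_bytes(hashlib.md5(msg).digest(), "big") >> (128 - bits)


def find_collision(bits, prefix=b"constructed-sample-"):
    """Hash prefix+counter until two different messages share a truncated digest.

    Returns (m1, m2, tries). Pigeonhole guarantees an answer within 2**bits + 1 tries.
    """
    seen = {}  # truncated digest -> first message that produced it
    tries = 0
    while True:
        msg = prefix + str(tries).encode()
        tries += 1
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


if __name__ == "__main__":
    print("p=0.5, d=365   ->", round(birthday_n(0.5, 365), 2))
    print("p=0.5, d=2^128 -> 2^%.2f" % math.log2(birthday_n(0.5, 2 ** 128)))
    for bits in (16, 24, 32):
        m1, m2, tries = find_collision(bits)
        print("%2d-bit digest: collision after %d tries (estimate %.0f)"
              % (bits, tries, birthday_n(0.5, 2 ** bits)))
```

Each extra 2 bits of digest doubles the expected work, so the same loop that finishes instantly at 32 bits needs about 2^64 hashes against the full 128-bit output.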

Slide 6

Slide 6 text

Wang Attack
1. Start with random message
2. Create another message M’ with small diffs
3. Modify message so that certain bitwise conditions hold in intermediate state
4. Test for collision, if not found go to 1

Slide 7

Slide 7 text

Wang MD4
ΔM = M − M’ = (Δm0, Δm1, ......, Δm15)
Δm1 = 2^31, Δm2 = 2^31 − 2^28, Δm12 = −2^16

Slide 8

Slide 8 text

Merkle–Damgård

Slide 9

Slide 9 text

Live Demo

Slide 10

Slide 10 text

HashClash https://marc-stevens.nl/p/hashclash/

Slide 11

Slide 11 text

Collision attack in Wild