© University of South Wales
Hashes and the SHA-1 Collision
An updated guide to hashes in IT security
Clare Johnson, Lecturer in Cyber Security, University of South Wales
Clare.johnson@southwales.ac.uk
What are hashes?
• Hashes are mathematical functions (or algorithms)
that take a string of data of a variable length and
turn it into a numeric string of fixed length
[Figure: text inputs of variable length ("the quick brown dog", "fox", "the quick brown fox") each pass through a hash function to give a numeric output of fixed length. Outputs shown: ced71fa7235231bed383facfdc41c4ddcc22ecf1, ff0f0a8b656f0b44c26933acd2e367b6c1211290, 4860129fbb3e4a0d5e52e388e5a660dcbb5d3df6]
Examples
• Any amount of data is converted to a fixed-length
“fingerprint”
• Cannot be reversed
• Any change in the input results in a completely
different hash.
hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366
hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542
Why use hashes?
• Hashes are used in databases to make it easier /
faster to search for data
• We are interested in the hashes that are used for data
encryption – this may be:
– To store sensitive data in encrypted format
– To ensure integrity of data
Important Properties
• A hash is unique, but always repeatable
– The word ‘cat’ will hash to something that no other word will
hash to, but it will always hash to the same thing
• The function is one way
– If you are given the hash value for ‘cat’ you will never be
able to reverse hash it back to the word ‘cat’.
cat → 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50
Cryptographic Hash Functions
• Computationally infeasible to reverse
• SHA-1
– Produces a string of 160 bits
– Specification finalised in 1995
• MD5
– Quicker to compute than SHA-1
– Known to have been attacked
Overview of hash use in passwords
Example for account registration
1. User creates an account
2. Password is hashed and stored (as a hash) in the database
3. When the user attempts to log in, the hash of the password they
enter is checked against the hash of their real password
4. If the hashes match, the user is granted access.
5. Steps 3 and 4 repeat every time a user tries to log in.
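The five steps above as an added example (not from the original slides): the same register/login flow, first with a bare unsalted SHA-1 as the steps literally describe, then with a per-user salt and PBKDF2-HMAC-SHA256. The salt, the choice of KDF, the iteration count and all function names are assumptions of this example, and an in-memory dict stands in for the database.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # constructed work factor for this example; tune to your hardware
SALT_BYTES = 16


def register_unsalted(db, user, password):
    """Step 2 taken literally: store hash(password) and nothing else."""
    db[user] = hashlib.sha1(password.encode("utf-8")).hexdigest()


def login_unsalted(db, user, password):
    """Steps 3-4: hash the attempt and compare it with the stored hash."""
    stored = db.get(user)
    candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return stored is not None and hmac.compare_digest(candidate, stored)


def register_salted(db, user, password):
    """Step 2 hardened: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    db[user] = (salt, ITERATIONS, digest)   # salt and cost are stored beside the hash


def login_salted(db, user, password):
    """Steps 3-4 hardened: re-derive with the stored salt, compare in constant time."""
    record = db.get(user)
    # Unknown users still cost one derivation, so response time does not reveal
    # whether the account exists.
    salt, iterations, stored = record or (b"\x00" * SALT_BYTES, ITERATIONS, b"")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return record is not None and hmac.compare_digest(candidate, stored)


def demo():
    """Two constructed users choose the same password in both schemes."""
    weak, strong = {}, {}
    for user in ("alice", "bob"):
        register_unsalted(weak, user, "correct horse")
        register_salted(strong, user, "correct horse")
    return {
        # Identical passwords give identical unsalted hashes: one lookup cracks both.
        "unsalted_hashes_equal": weak["alice"] == weak["bob"],
        # With a per-user salt the stored values differ for the same password.
        "salted_hashes_equal": strong["alice"][2] == strong["bob"][2],
        "unsalted_login": login_unsalted(weak, "alice", "correct horse"),
        "good_login": login_salted(strong, "alice", "correct horse"),
        "bad_login": login_salted(strong, "alice", "wrong guess"),
        "unknown_user": login_salted(strong, "mallory", "correct horse"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```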
THIS IS THE PROCESS IN BRIEF FOR SHA-1
Hold on to your hats…
Take your word and convert
• Original word
– cat
• Convert to ASCII
– 99 97 116
• Convert ASCII codes to binary
– 01100011 01100001 01110100
• Join together and add a 1 to the end
– 0110001101100001011101001
Add a load of zeros…
• The number of digits in your message divided by 512 must
have a remainder of 448, so add as many zeros as necessary
to get a remainder of 448
– 0110001101100001011101001
• My message length is 25 (8 * 3 +1)
– 448 – 25 = 423
• Therefore, add 423 zeros to my message, then it will be 448
digits long
– 448 / 512 is 0 remainder 448
More padding is added
• The length of the original message is added next, but it must equal 64 bits, so
in our case, as the length was 25, I add the binary of 25 (00011001) preceded
by 56 zeros (because 8 digits plus 56 digits = 64 digits) to the end of my
message.
• Looks like this:
• 011000110110000101110100100000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000011001
Chunk and process
• Break the string into chunks of 512 (ours is already 512)
• Break the chunks into 16 x 32 bit words
• Extend each group of 16 words to 80 words via a looped
algorithm
– 4 words selected
– XOR the words together eg
• a 1 and a zero becomes a 1 (1 + 0 = 1)
• a zero and a zero becomes a 0 (0 + 0 = 0)
• a 1 and a 1 becomes a 0 (1 + 1 = 0)
• a 0 and a 1 becomes a 1 (0 + 1 = 1)
Chunk and process further
• The new word is left rotated by 1
– The first character is removed and added to the end of the word
• The word is added to the next vacant slot (ie on the first loop this will
become word number 16) until there are 80 words in total
• A series of functions is carried out on each word, depending on the
number of the word (eg words 0-19 use function 1)
• Words are ‘added’ together, and additional digits are truncated.
• Convert back to hex
– 9d989e8d27dc9e0ec3389fc855f142c3d40f0c50
– VOILA!!!
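The walkthrough above carried out in code, as an added example that is not part of the original slides: a from-scratch SHA-1 that pads, chunks, extends 16 words to 80, runs the per-range round functions and adds the results, then checks itself against Python's hashlib. The initial constants and round functions come from the SHA-1 standard (FIPS 180-4), which defines the 64-bit length field as the bit length of the original message before the 1 bit is appended, so for 'cat' it encodes 24; that is the value that reproduces the digest shown on the slide.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def pad_bits(message: bytes) -> str:
    """Padded message as a '0'/'1' string, following the slides' steps."""
    bits = "".join(f"{byte:08b}" for byte in message)   # ASCII codes -> binary
    original_len = len(bits)                            # 24 for b"cat"
    bits += "1"                                         # add a 1 to the end
    bits += "0" * ((448 - len(bits)) % 512)             # zeros until length % 512 == 448
    bits += f"{original_len:064b}"                      # 64-bit length field
    return bits


def rotl(word: int, n: int) -> int:
    """Left-rotate a 32-bit word: bits pushed off the front rejoin at the end."""
    return ((word << n) | (word >> (32 - n))) & MASK32


def sha1_hex(message: bytes) -> str:
    # Initial hash state defined by the standard.
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    bits = pad_bits(message)

    for start in range(0, len(bits), 512):              # chunks of 512 bits
        chunk = bits[start:start + 512]
        w = [int(chunk[i:i + 32], 2) for i in range(0, 512, 32)]   # 16 x 32-bit words

        # Extend to 80 words: XOR four earlier words, rotate left by 1.
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))

        a, b, c, d, e = h
        for t in range(80):
            # The function and constant depend on the word number.
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            # "Added together, and additional digits are truncated": add mod 2**32.
            temp = (rotl(a, 5) + f + e + k + w[t]) & MASK32
            a, b, c, d, e = temp, a, rotl(b, 30), c, d

        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]

    return "".join(f"{x:08x}" for x in h)               # convert back to hex


if __name__ == "__main__":
    padded = pad_bits(b"cat")
    print("padded length:", len(padded))
    print("first 25 bits:", padded[:25])
    print("sha1_hex     :", sha1_hex(b"cat"))
    print("hashlib.sha1 :", hashlib.sha1(b"cat").hexdigest())
```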
SHA-1 is broken
• On 23 February 2017, Google created a SHA-1 collision which they
named ‘SHAttered’
• Two distinct PDF files generated the same SHA-1 digest
• This is important since it means both files will be trusted even though
one is not the original
• Could be used for malware purposes
Who uses SHA-1 anyway?
• SHA-1 was deprecated by NIST in 2011
• Chrome will warn you not to trust a site’s SSL certificate if it
uses SHA-1
• Firefox reacted to the SHA-1 collision by deprecating it on 24
Feb 17
• Microsoft still uses SHA-1 and is planning to deprecate it later
this year, although IE11 and Edge will not show the lock icon
on sites with an SHA-1 certificate
• There may be instances where the use of SHA-1 is not
significant – see NIST’s NSRL report.
How realistic is an attack?
• Researchers used a vast amount of computational power to
generate this attack
• The attack required over 9,223,372,036,854,775,808 SHA-1
computations, equivalent to 110 years of single-GPU
computations
• But… remember that computers are getting quicker and more
powerful
• Google will publicly release the code allowing anyone to
create a pair of PDFs that hash to the same SHA-1 in 90 days
References
The first website listed is the one mainly used for the walkthrough in this presentation, where you
can hash your own word and see the exact process in action:
• Metamorphosite (2008) Available at: http://www.metamorphosite.com/one-way-hash-encryption-sha1-data-software (Accessed: 8/10/15)
• Defuse Security (2016) Crackstation Salted Password Hashing. Available at:
https://crackstation.net/hashing-security.htm (Accessed: 26/02/17)
• Fox-Brewster, T. (2017) Google just ‘shattered’ an old crypto algorithm. Available at:
https://www.forbes.com/sites/thomasbrewster/2017/02/23/google-sha-1-hack-why-it-matters/#3d51944c4c8c (Accessed: 26/02/17)
• Shattered (2017). Available at: https://shattered.io/ (Accessed: 26/02/17)
