Nytro Posted August 7, 2014 Report Posted August 7, 2014 Malicious SHA-1TL;DR: If the four 32-bit constants of SHA-1 can be modified, then exploitable collisions can be constructed. No need to panic, this doesn’t affect the original SHA-1. However, vendors and customers of products with custom cryptography will be interested. Summary This is the webpage of the Malicious SHA-1 project, a research project that demonstrates how the security of the SHA-1 hashing standard can be fully compromised if one slightly tweaks some of the predefined constants in the SHA-1 algorithm. That is, we show that systems using “custom” versions of SHA-1 may include backdoors exploitable by the designers. Such custom versions of cryptographic standards are typically found in proprietary systems as a way to personalize the cryptography for a given customer, while retaining the security guarantees of the original algorithm. The colliding messages constructed can be valid archives files (RAR or 7zip) such that the content of the two archives can be fully controlled. We also build colliding JPEG files, which can be any two images, as in the example below (images were chosen at random): We can also construct colliding executables, with MBR (Master Boot Record) or COM files including arbitrary code. Furthermore, we present polyglot malicious SHA-1 instances, that is, for which the designer can create colliding files of different types with arbitrary content (for example: any two MBR’s, any two RAR archives, and any two shell scripts) The Malicious SHA-1 project was presented in 2014 at the following security and cryptography conferences:BSidesLV (Aug 5; Las Vegas, USA) DEF CON Skytalks (Aug 9; Las Vegas, USA) Selected Areas in Cryptography (Aug 14-15 Montreal Canada) Implications of this research are discussed in our FAQ. More details are given below, and a full description of our work is reported in the research paper.Sursa: https://malicioussha1.github.io/ Quote
