Secure Hash Algorithm 1 or SHA-1 is a cryptographic hash function designed by the National Security Agency to be part of Digital Signature Algorithm. A hash function is a method to map an arbitrary set of data to data of fixed size called hashes or digests. And the hashing is used for digital signatures, one of the pillars of PKI’S. It’s used to ensure authenticity in/of browsers, documents, downloadable content, financial transactions. SHA-1 produces 20-byte hash value known as message digest. Every message digest is expected to be unique. We should get a completely different hash if the original data is changed in any way.

In cryptography, collision is one kind of attack specific to the hash. Collision occurs when an identical hash is produced for the two different input. It can lead to signature forgery. Secure Hash Algorithm 1 is now broken because of this collision attack. A successful collision attack has been developed and demonstrated by google researchers. SHA-1 is no longer secure and should not be relied upon for practical security. Until now collision attacks were more theoretical and expensive. But the SHA-1 attack is no longer theoretical. A method has been developed by google researchers that allow us to create two PDF files having different content but produces the identical hash value.

Below are some numbers that give a sense of how large scale this computation was,

(Source: Google Security Blog)

“SHA-1 shattered attack is still more than 100,000 times faster than a brute force attack which remains impractical.”

From a security perspective, digital signatures and cryptographic keys have a lot of importance. SHA-1 collision can be exploited by attackers to falsify the digital signatures and break the communication which makes use of the SHA-1 hash algorithm. Duplicate certificates can be created with the help of collision attack which allows an attacker to conduct impersonation attacks, man-the middle-attacks and steal sensitive data.

As a proof of the concept, two PDF files are presented by Google researchers, which have different content but same SHA-1 hash value.

Calculating sha1sum of the pdfs –

Calculating sha256sum of the pdfs –

 

Due to the small size of SHA-1 hash as mentioned in the above table (source: keyCDN), it is more prone to attack.

SHA-1 collision detection:

An online tool is developed based on the concept of counter-cryptanalysis, which can be used to submit files and can be checked for SHA-1 collision attack. Counter-cryptanalysis is a paradigm to strengthen weak cryptographic primitives and detect the cryptanalytic attack at the cryptographic level.

– It detects whether the message was constructed using collision attack.
– Single message of collision pair is sufficient.
– Based on the crucial properties of the known cryptanalysis on MD5 and SHA1:
* Attack exploits trivial differential steps with probability (close to) 1 to be able to obtain ‘low’ complexity.
* Very few message block differences result in attacks with ‘low’ complexity.

Basic algorithm: detects last near collision block
– Guess ‘message block difference’ and ‘difference’ at trivial step (i).
– Reconstruct computation.
– Check whether collision in chaining value is obtained.
If the guess was correct then collision is detected with certainty.
If the guess was incorrect then a false positive occurs.

Defense:

As shown in the above diagram consider migrating to safer alternatives such as SHA-256 or SHA-3 and also make use of online tool availability for collision detection for the PDF.

Google will release the technical details of the proof-of-concept soon, which can be used for the collision attack, i.e everyone can create two PDFs that hash to the same message digest.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>