quote: Originally posted by MrJiveBoJingles
LOL. I have no idea how people can write essays while baked. I just float off into never-never land where logic is irrelevant.
Idk, it was just an article summary. Nothing too intense here. I like to be as verbose as possible.
I. Introduction
The UNIX operating system is well known for its extensibility and security. All flavors of Linux and *nix operating systems implement a database mechanism that encrypts user passwords and stores them in a file restricted to all but the administrator. The shadow password has been a successful utilization of cryptographic hash functions, but there are many hash algorithms that are highly vulnerable to attacks.
Most code signing on the internet and on open source operating systems has been performed with MD5 and SHA-1. Currently, most implementations use SHA-1, but it has been proven to be susceptible to collision attacks in 2^63 operations. MD5 was formerly used in place of SHA-1 until multiple groups of researchers discovered serious flaws and declared it unsafe for further use. This is only one example of the many uses of MD5. This paper is intended to further discuss MD5 and its security flaws in its many implementations.
II. MD5 Overview
MD5 is a well-known algorithm that implements a block cipher mode of operation. The cryptographic function processes a message of any size to a fixed-length 128-bit hash value. The input is divided into 512-bit blocks, and is padded to be divisible by 512. MD5 operates on the 128-bit final state, divided into four 32-bit words, which are initialized to fixed values in little-endian byte ordering. Each 512-bit block gets modified through four separate rounds, consisting of 16 mathematical operations on the 32-bit words based on a non-linear function, modular addition, and left bit rotation. A different function is used in each round, and the output is the 128-bit hash consisting of hexadecimal values.
III. MD5 Attacks
Hash functions like MD5 must meet particular standards to be considered secure against cryptanalytic attacks. Preimage, second preimage, and collision resistance should all be met to ensure that an attacker cannot find a message with a similar digest. The most important method to analyze hash functions and block ciphers is an XOR differential attack. The XOR difference is performed bitwise in many collections of bit differences. Modular differences are mapped in a rainbow table representing the differential path and stepwise bit conditions. This method attempts to find collisions with two iterations where each message in the collision includes two message blocks. Because of the lookup table, it is a precise differential attack with sets of restrictive conditions and a message modification technique to increase collision probability.
Current collision-finding techniques specify an arbitrary prefix, where an attacker can create two colliding files that both begin with the same content. The attack can be improved upon by using these chosen-prefix collisions, which have only the requirement that after the collision the two outputs should be exactly equal in length and content. Before the collision the two outputs, for which a collision is to be found, can be anything: our chosen-prefix collision finding method will always produce a collision that can be incorporated into the two outputs, irrespective of what data is present before the collision. This method can reduce collision times to 2^49 operations. When using an Intermediate Hash Value of 0 for the Initial Value of an MD5 collision test, times can be reduced to a mind-boggling 2^23.6. This attack only takes a couple of seconds on modern equipment.
IV. Vulnerability
MD5 is only attacked for this method using collision attacks, not preimage or second preimage. MD5 makes only one pass over the data, so if two prefixes with the same hash can be constructed, a common suffix can be added to both to make the collision more likely to be accepted as valid data by the application using it.
A template file with a 128-byte block of data aligned on a 64-byte boundary is necessary to create two colliding files. The template should be highly changeable as the collision-finding algorithms will be consistently modifying the template. MD5 compresses the amount of data that needs to be signed down to a constant size so that digital signature algorithms can sign a large amount of data more efficiently. Digital signature schemes are often vulnerable to hash collisions, unless using techniques like randomized hashing. This means that a certificate authority could be asked to sign a certificate for one domain, and then that certificate could be used to impersonate another domain.
Since digital signatures are so widely vulnerable, passwords on Unix-based platforms become at risk, but most operating systems include random bits known as salt at the beginning of the cryptographic hash functions, for more security. Large corporations like Google avoid MD5 attacks through SSL by choosing salt of enormous lengths to prevent attacks.
V. Conclusion
The research done on MD5 is indeed vast, but all in agreement on one fact: the MD5 hash algorithm is not safe to use for any form of encryption, especially in important applications such as digital signatures or password storage. The National Institute of Standards and Technology urges mathematicians and cryptographers to develop more powerful and secure hash functions as attacks get stronger. It is recommended to always use a well-known secure hash function for applications involving cryptography.
VI. Sources
Stevens, Marc, and H.C.A. van Tilborg. "On Collisions for MD5." Thesis. Eindhoven University of Technology, 2007. HashClash, TU/e. Web. <http://www.win.tue.nl/hashclash/On%....%20Stevens.pdf>.
___________________

Set Archive v2.0
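As an added illustration (not part of the post above or of the cited thesis), here is a pure-Python MD5 that makes two things from the summary concrete: the structure described in section II (four rounds of sixteen steps over four little-endian 32-bit words, with a non-linear function, modular addition and left rotation per step), and the one-pass property used in section IV, namely that the digest of prefix + suffix depends on the prefix only through the 128-bit chaining value, so any two block-aligned prefixes that reach the same chaining value collide for every common suffix. The function names, the sample block and the suffix are constructed for this example; the implementation is checked against Python's hashlib. It does not find collisions itself.

```python
"""Pure-Python MD5 (added example, not the thesis's code), verified against hashlib.
Shows the round structure and why a common suffix inherits a collision."""
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF
# Fixed initial state: four 32-bit words A, B, C, D (little-endian when serialized).
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
# Per-step left-rotation amounts: four rounds of sixteen steps each.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Per-step additive constants: floor(abs(sin(i + 1)) * 2^32).
K = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK32 for i in range(64)]


def _rotl(x, c):
    return ((x << c) | (x >> (32 - c))) & MASK32


def compress(state, block):
    """Mix one 64-byte block into the 128-bit chaining value (one compression call)."""
    assert len(block) == 64
    m = struct.unpack("<16I", block)  # sixteen little-endian 32-bit message words
    a, b, c, d = state
    for i in range(64):
        if i < 16:    # round 1: F = (B and C) or (not B and D)
            f, g = (b & c) | ((~b & MASK32) & d), i
        elif i < 32:  # round 2: G = (D and B) or (not D and C)
            f, g = (d & b) | ((~d & MASK32) & c), (5 * i + 1) % 16
        elif i < 48:  # round 3: H = B xor C xor D
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:         # round 4: I = C xor (B or not D)
            f, g = c ^ (b | (~d & MASK32)), (7 * i) % 16
        f = (f + a + K[i] + m[g]) & MASK32          # modular addition
        a, d, c, b = d, c, b, (b + _rotl(f, S[i])) & MASK32  # rotate words, left-rotate f
    # Feed-forward: add the block result into the incoming state.
    return tuple((x + y) & MASK32 for x, y in zip(state, (a, b, c, d)))


def pad(msg):
    """MD5 padding: 0x80, zeros up to 56 mod 64, then the bit length as little-endian u64."""
    bit_len = (len(msg) * 8) & 0xFFFFFFFFFFFFFFFF
    msg = msg + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    return msg + struct.pack("<Q", bit_len)


def run_blocks(state, data):
    """Feed already-padded data through the compression function, block by block."""
    for off in range(0, len(data), 64):
        state = compress(state, data[off:off + 64])
    return state


def md5_hex(msg):
    return struct.pack("<4I", *run_blocks(IV, pad(msg))).hex()


def matches_hashlib(msg):
    """Cross-check this implementation against the standard library."""
    return md5_hex(msg) == hashlib.md5(msg).hexdigest()


def digest_from_chaining_value(cv, prefix_len, suffix):
    """Finish MD5(prefix + suffix) knowing only the chaining value reached after a
    block-aligned prefix and that prefix's length. The prefix bytes are never needed,
    which is why two prefixes with equal chaining values collide for every suffix."""
    assert prefix_len % 64 == 0
    tail = suffix + b"\x80"
    tail += b"\x00" * ((56 - (prefix_len + len(tail)) % 64) % 64)
    tail += struct.pack("<Q", ((prefix_len + len(suffix)) * 8) & 0xFFFFFFFFFFFFFFFF)
    return struct.pack("<4I", *run_blocks(cv, tail)).hex()


if __name__ == "__main__":
    prefix = bytes(range(64))           # constructed 64-byte (block-aligned) prefix
    suffix = b"common suffix appended to both colliding prefixes"  # constructed
    cv = compress(IV, prefix)
    print(md5_hex(prefix + suffix))
    print(digest_from_chaining_value(cv, len(prefix), suffix))  # same digest
```

The last two lines print the same value: once the chaining value after the prefix block is fixed, the rest of the computation is identical, so a pair of blocks that collide on that chaining value (which this code cannot produce; that needs the differential techniques summarized above) stays colliding under any appended data. Running as a script prints the digests; the cross-check functions are what a test should call.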