size_t Does Matter Hash Length Extension Attacks Explained Mika - PowerPoint PPT Presentation

Oct 06, 2023 •352 likes •537 views

size_t Does Matter Hash Length Extension Attacks Explained Mika Bostrm <bostik@iki.fi>, <mika.bostrom@smarkets.com> dc4420, 2015-10-29 Cryptographic Hash Properties Digest Size (n bits) Input Block Size (m bits) m >

size_t Does Matter Hash Length Extension Attacks Explained Mika Boström <bostik@iki.fi>, <mika.bostrom@smarkets.com> dc4420, 2015-10-29
Cryptographic Hash Properties ● Digest Size (n bits) ● Input Block Size (m bits) ● m > n ● Input processed block at a time ● Mutates internal state ● In other words: blocks are chained ● Merkle-Damgård: last block padded, includes number of bytes processed
Hash Length Extension ● ”Append data to a keyed hash, without knowing the key, and calculate a valid hash with your data included” ● Or, programmer friendly: – H1 = H(key + data + padding) – Transmit H1, data – Attacker: append $EVILDATA, calculate H2 – Transmit: H2, (data+$EVILDATA) – Receiver: calculate H = (key + received data) ● H = H2
SHA-1 Properties ● 160-bit output ● 512-bit input block ● Merkle-Damgård construct – Yes, that Merkle
SHA-1 Internal State struct SHA1State { uint32 A; uint32 B; uint32 C; uint32 D; uint32 E; }
SHA-1 Internal State struct SHA1State { uint32 A; uint32 B; uint32 C; uint32 D; uint32 E; }
SHA-1 Final Hash … visualised Uint32 A Uint32 B Uint32 C Uint32 D Uint32 E
Keyed Hash ● Secret shared key ● Known payload data ● Hash = H(key + data) Looks a bit like … salted hash?
Hash Extension Illustrated
Hash Extension Illustrated ● Key + padding missing ● Padding: includes number of bytes hashed ● Guess key length, calculate padding!
Hash Extension Illustrated
Hash Extension Illustrated ● Hash is valid over the whole of preceding data, with the key prefixed ● Attacker did not need to know the shared key ● Effect of EVIL DATA depends on implementation ● Would you guarantee your implementation handles every possible case of malformed but accepted-as-good input?
Morale Of The Story ● Keyed hash as authentication method: broken ● Just use HMAC instead ● … even with SHA-3 ● … because someone could plug a vulnerable hash into the construct ● Applied crypto is a world of cargo-culting
Trivia: Also Vulnerable ● MD5 ( d'oh ) ● SHA-256 ● SHA-512 ● RIPEMD-160
Trivia: Not Vulnerable ● SHA-384 (truncated) ● SHA-256/512 (truncated) ● SHA-3 (incomplete state export)
Code Gone Wild ● https://github.com/stephenbradshaw/hlextend ● https://github.com/bwall/HashPump ● https://github.com/iagox86/hash_extender ● Just to name a few
Question Time

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FUNCTION MERGING by SEQUENCE ALIGNMENT DOES SIZE MATTER? DOES SIZE MATTER? S E Y DOES SIZE

Rodrigo Rocha http://rcor.me University of Edinburgh FUNCTION MERGING by SEQUENCE ALIGNMENT DOES SIZE MATTER? DOES SIZE MATTER? S E Y DOES SIZE MATTER? S E Y ... EMBEDDED SYSTEMS SAVINGS IN CODE Smaller Memories 1 0 1 1 0 1

1.89k views • 177 slides

Detection of extracellular vesicles: size does matter Edwin van der Pol November 16 th , 2018

Detection of extracellular vesicles: size does matter Edwin van der Pol November 16 th , 2018 Outline PhD research Extracellular vesicles Size does matter Flow cytometry Outlook Standardisation Clinical studies Small and fast 2 200 nm

656 views • 41 slides

Modeling the Temporal and Size- Distributions of Diesel Particulate Matter Darrell Sonntag PhD

Modeling the Temporal and Size- Distributions of Diesel Particulate Matter Darrell Sonntag PhD Candidate Civil and Environmental Engineering Cornell University Particulate Matter (PM) Diesel particulate matter Complex mixture of

359 views • 11 slides

SIZE DOES MATTER Jrn Nettingsmeier <nettings@stackingdwarves.net> David Dohrmann

Large-scale Higher Order Ambisonic Sound Reinforcement Systems or: SIZE DOES MATTER Jrn Nettingsmeier <nettings@stackingdwarves.net> David Dohrmann <david@adamsonsystems.com> Ambisonics Symposium 2011 June 2-3, Lexington, KY

717 views • 36 slides

Does Size Matter? The Impact of Body Perfect Ideals in the Media Helga Dittmar Dublin,

Does Size Matter? The Impact of Body Perfect Ideals in the Media Helga Dittmar Dublin, 13th April 2010 Why worry? Media models body size versus reality Gap between body ideal actual body Exposure unavoidable (3,000+ ads a

570 views • 38 slides

Detection of extracellular vesicles by flow cytometry: size does matter Edwin van der Pol

Detection of extracellular vesicles by flow cytometry: size does matter Edwin van der Pol November 6th, 2018 2 images: R. Hooke Micrographia 1665 3 image: A. van Leeuwenhoek Royal society 1675 4 image: A. van Leeuwenhoek Opera Omnia 1719 5

986 views • 80 slides

Aspects of Financial Development and Manufacturing Growth and Size: Which Matter? Sarah Salvador

Aspects of Financial Development and Manufacturing Growth and Size: Which Matter? Sarah Salvador Daway-Ducanes Maria Socorro Gochoco-Bautista University of the Philippines School of Economics (UPSE) FD and Manufacturing Growth 1 / 33

621 views • 33 slides

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes Gkta - Elias Athanasopoulos - Michalis Polychronakis Herbert Bos - Georgios Portokalidis presented by: Flora Karniavoura Katerina Karagiannaki

376 views • 23 slides

The Nature of Matter 1 12/6/16 Matter & Energy Matter Matter is the "stuff"

12/6/16 The Nature of Matter 1 12/6/16 Matter & Energy Matter Matter is the "stuff" of the universe. Matter is anything that occupies space and has mass . Matter exists as a solid, liquid, gas, and plasma . Matter

595 views • 36 slides

The Bowie and Dick Type The Bowie and Dick Type Test Test Does size and penetration Does size

The Bowie and Dick Type The Bowie and Dick Type Test Test Does size and penetration Does size and penetration really matter? really matter? Presented by Presented by Terry McAuley Terry McAuley Sterilisation and Infection Control

789 views • 42 slides

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides

AUSTRAC the value of suspicious matter reporting Markus Erikson, Director Intelligence, AUSTRAC

AUSTRAC the value of suspicious matter reporting Markus Erikson, Director Intelligence, AUSTRAC July 2020 About AUSTRAC Serious crime is motivated by profit, and no matter the size, most criminal acts leave a financial trail. AUSTRAC is the

274 views • 9 slides

Chemistry Chemistry is the science of matter and the changes it undergoes What is matter? (as

Chemistry Chemistry is the science of matter and the changes it undergoes What is matter? (as it is related to biology) Matter Matter is anything that takes up space and has mass All living and nonliving matter is composed of

382 views • 13 slides

The Problem of Size prof. dr Arno Siebes Algorithmic Data Analysis Group Department of

The Problem of Size prof. dr Arno Siebes Algorithmic Data Analysis Group Department of Information and Computing Sciences Universiteit Utrecht Does Size Matter? Volume In the previous lecture we characterised Big Data by the three Vs

858 views • 46 slides

The Properties of Matter Basic Concepts All objects are made up of matter Matter is

The Properties of Matter Basic Concepts All objects are made up of matter Matter is anything that takes up space and has mass Properties are the specific characteristics that describe matter Matter can be identified using its

335 views • 9 slides

LEADERSHIP IS ACTION NOT POSITION LUCIANO SANTINI PH.D. WHY DOES IT MATTER TO ALL OF US IN THE

LEADERSHIP IS ACTION NOT POSITION LUCIANO SANTINI PH.D. WHY DOES IT MATTER TO ALL OF US IN THE WORKPLACE Too many training initiatives we come across rest on the assumption that one size fits all and that the same group of skills or style of

1.11k views • 36 slides

Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements

Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements intermission Introduction to Computer Security Crypto combined slides Public-key crypto basics Public key encryption and signatures Stephen McCamant

588 views • 9 slides

Verified Boot: From ROM to Userspace ROM-Code Bootloader Kernel Root File System ELC Europe

Verified Boot: From ROM to Userspace ROM-Code Bootloader Kernel Root File System ELC Europe 2016, 12.10.2016 Marc Kleine-Budde <mkl@pengutronix.de> Slide 1 - http://www.pengutronix.de - 13.10.2016 Why Verified Boot? Attractive hacking

774 views • 20 slides

1 Simple Hash Functions Requirements for Hash Functions 1. can be applied to any sized message M

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Using Symmetric Ciphers for MACs can use any block cipher chaining mode and use final block as a MAC Chapter 12 Hash Algorithms Data Authentication Algorithm (DAA) is a widely used MAC

305 views • 5 slides

Mess with the best, die like the rest (mode) Volodymyr Pikhur @vpikhur REcon Brussels 2018 1

Mess with the best, die like the rest (mode) Volodymyr Pikhur @vpikhur REcon Brussels 2018 1 About Been doing RE for more than 15 years Privately wrote multiple tools for deobfuscation and binary analysis, PE unpackers, software VM

546 views • 54 slides

Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family

Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family Unconditionally Secure MACs Ref: D Stinson: Cryprography Theory and Practice (3 rd ed), Chap 4. Universal hash family Notations: X is a

457 views • 12 slides

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA Karthikeyan.Bhargavan@inria.fr IIT Delhi, Fall 2010 Lecture 3: Coding

527 views • 36 slides

the future of hardware wallets D419 C410 1E24 5B09 0D2C 46BF 8C3D 2C48 560E 81AC @StepanSnigirev

the future of hardware wallets D419 C410 1E24 5B09 0D2C 46BF 8C3D 2C48 560E 81AC @StepanSnigirev stepan@cryptoadvance.io hardware wallets can : spend funds user input spending output user input user output receive funds multisig do

195 views • 15 slides

IP IPSec ( ) 13 Network

IP IPSec ( ) 13 Network Security, Principles and Practice,2nd Ed. : http://www.fata.ir

567 views • 23 slides