SHA-1 backdooring and exploitation

Presented at BSidesLV 2014, Aug. 5, 2014, 11 a.m. (30 minutes)

We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that lets us create exploitable collisions in which we fully control the content of the colliding files. Unlike the theoretical "breaks" of SHA-1, these collisions are practical to compute, although finding them relies on sophisticated differential cryptanalysis. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.
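The abstract does not say where the sabotage lives. In the accompanying paper (Albertini, Aumasson, Eichlseder, Mendel and Schläffer, "Malicious Hashing: Eve's Variant of SHA-1", SAC 2014) the structure of SHA-1 is untouched and only the four stage constants K_1..K_4 are replaced by values chosen so that a differential characteristic holds. The Python below is an added example, not the talk's or the paper's code: it implements SHA-1 with the constants as parameters, recomputes the standard constants from their public nothing-up-my-sleeve rule (floor(2^30 * sqrt(n)) for n = 2, 3, 5, 10), and shows the audit a practitioner can run against a SHA-1 implementation they did not write: check its constants against that derivation and its digests against an independent reference on known test vectors. The sabotaged constants `EVE_K` are a hypothetical one-bit change for illustration only, not the paper's values; `derive_k`, `audit_constants` and `matches_reference` are names chosen here.

```python
"""Parameterised SHA-1: standard constants, their derivation, and a hypothetical
sabotaged variant. Added example; not the talk's code and not the paper's constants."""
import hashlib
import math
import struct

MASK = 0xFFFFFFFF

# FIPS 180-4 stage constants (one per 20 steps) and the initial hash value.
STANDARD_K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
STANDARD_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

# HYPOTHETICAL sabotaged constants for illustration: one bit of K_3 flipped.
# The real malicious constants from the paper are deliberately not reproduced.
EVE_K = (STANDARD_K[0], STANDARD_K[1], STANDARD_K[2] ^ 0x00000002, STANDARD_K[3])


def rotl(x, n):
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK


def derive_k():
    """Recompute K_i = floor(2^30 * sqrt(n)) for n in 2, 3, 5, 10 (the public rule).

    math.isqrt(n << 60) is floor(sqrt(n * 2^60)) = floor(2^30 * sqrt(n)), computed
    on integers, so no floating-point rounding can creep in."""
    return tuple(math.isqrt(n << 60) for n in (2, 3, 5, 10))


def sha1(data, k=STANDARD_K, iv=STANDARD_IV):
    """SHA-1 over `data` with the stage constants and IV as parameters.

    Nothing else differs between the standard function and a constant-swapped
    one: padding, message schedule and step functions are shared."""
    h = list(iv)
    padded = (data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
              + struct.pack(">Q", 8 * len(data)))
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f = (b & c) | (~b & d)            # Ch
            elif t < 40 or t >= 60:
                f = b ^ c ^ d                     # Parity
            else:
                f = (b & c) | (b & d) | (c & d)   # Maj
            tmp = (rotl(a, 5) + (f & MASK) + e + k[t // 20] + w[t]) & MASK
            a, b, c, d, e = tmp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)


def audit_constants(k):
    """Indices of stage constants that do not match the published derivation."""
    expected = derive_k()
    return [i for i in range(4) if k[i] != expected[i]]


def matches_reference(data, k=STANDARD_K, iv=STANDARD_IV):
    """Does this parameterised instance agree with an independent SHA-1 on `data`?"""
    return sha1(data, k, iv) == hashlib.sha1(data).digest()


if __name__ == "__main__":
    for vec in (b"", b"abc", b"The quick brown fox jumps over the lazy dog"):
        print(sha1(vec).hex(), matches_reference(vec))
    print("standard K drift:", audit_constants(STANDARD_K))   # []
    print("Eve's K drift:   ", audit_constants(EVE_K))        # [2]
    print("Eve's SHA-1(abc):", sha1(b"abc", EVE_K).hex())
    print("Eve's variant matches reference:", matches_reference(b"abc", EVE_K))  # False
```

Two caveats for anyone running this audit for real: the reference you compare against must be one you trust independently of the code under test (the derivation rule needs no reference at all, which is its point), and passing it rules out a constant swap only; it says nothing about SHA-1's own collision resistance, which has since been broken in the unmodified function as well.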


Presenters:

  • Jean-Philippe Aumasson - Principal Research Engineer - Kudelski Security
    Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He obtained his PhD in cryptography from EPFL in 2010. JP designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He presented at Black Hat, DEFCON, RSA, and other international conferences. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, wrote the books The Hash Function BLAKE (Springer, 2015) and Serious Cryptography (No Starch Press, 2017). JP tweets as @veorq.
