SHA-1 backdooring and exploitation

Presented at BSidesLV 2014, Aug. 5, 2014, 11 a.m. (30 minutes).

We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that allows us to create exploitable collisions, such that we fully control the content of the colliding files: unlike theoretical "breaks" of SHA-1, our collision attacks are practical, although they use sophisticated differential attacks. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.


Presenters:

  • Jean-Philippe Aumasson - Principal Research Engineer - Kudelski Security
    Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He obtained his PhD in cryptography from EPFL in 2010. JP designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He presented at Black Hat, DEFCON, RSA, and other international conferences. He initiated the Crypto Coding Standard and the Password Hashing Competition projects, wrote the books The Hash Function BLAKE (Springer, 2015) and Serious Cryptography (No Starch Press, 2017). JP tweets as @veorq.

Links:

Similar Presentations: