▶ No.1062916
From Collisions to Chosen-Prefix Collisions - Application to Full SHA-1
A chosen-prefix collision attack is a stronger variant of a collision attack, where an arbitrary pair of challenge prefixes are turned into a collision. Chosen-prefix collisions are usually significantly harder to produce than (identical-prefix) collisions, but the practical impact of such an attack is much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, collision attacks are hard to turn into a break of concrete protocols, because the adversary has limited control over the colliding messages. On the other hand, chosen-prefix collisions have been shown to break certificates (by creating a rogue CA) and many internet protocols (TLS, SSH, IPsec).
In this article, we propose new techniques to turn collision attacks into chosen-prefix collision attacks. Our strategy is composed of two phases: first, a birthday search that aims at taking the random chaining variable difference (due to the chosen-prefix model) to a set of pre-defined target differences. Then, using a multi-block approach, carefully analysing the clustering effect, we map this new chaining variable difference to a colliding pair of states using techniques developed for collision attacks.
We apply those techniques to MD5 and SHA1, and obtain improved attacks. In particular, we have a chosen-prefix collision attack against SHA1 with complexity between 2^66.9 and 2^69.4 (depending on assumptions about the cost of finding near-collision blocks), while the best-known attack has complexity 2^77.1. This is within a small factor of the complexity of the classical collision attack on SHA1 (estimated as 2^64.7). This represents yet another warning that industries and users have to move away from using SHA1 as soon as possible.
https://eprint.iacr.org/2019/459
Post yfw BitTorrent and Git still use SHA1
____________________________
Disclaimer: this post and the subject matter and contents thereof - text, media, or otherwise - do not necessarily reflect the views of the 8kun administration.
▶ No.1062932>>1062991
It's going to break if they change it for torrents. So many run very old clients.
▶ No.1062991>>1063917 >>1064772
>>1062932
IPFS > Torrents
Torrents on suicide watch
▶ No.1063004
Life is like a downloaded torrent. You never know what you're going to get.
▶ No.1063018>>1063030 >>1063031 >>1063116 >>1063119 >>1074968
Makes you wonder if most of the encryption we use is already broken, or waiting to be broken soon.
▶ No.1063030
▶ No.1063031>>1063116
>>1063018
I don't really trust this new popular thing that is ed25519. A big part of the beginning of the key is always the same, and I would expect that a secure key has a completely random value.
▶ No.1063116
>>1063018
People have already known SHA1 is shit since 2004, it's just that it was not practical to break.
But now, with GPUs, it is possible.
The thing is that AES, Serpent, Twofish, Camellia, SEED and ARIA are all made to be relatively GPU-proof.
>>1063031
Same goes for RSA if you did it wrong.
▶ No.1063119
>>1063018
Considering it's implemented by humans, more than likely.
▶ No.1063133>>1063134 >>1063138
Aren't files in torrents divided into pieces? Wouldn't that make it impractical to forge files in a torrent, not just due to the fact that you'd have to ensure that all the pieces had the "correct" checksum, but that whatever result you were trying to achieve still worked within the context of the file as a whole, and that other people would be contributing correct pieces. Unless you're just trying to send garbage, I guess.
▶ No.1063134
>>1063133
But what's the checksum? Some attacks could probably work if you could generate an identical hash for another torrent and try to seed it to the swarm.
▶ No.1063138>>1063139
>>1063133
>Wouldn't that make it impractical
no
▶ No.1063139>>1063148
>>1063138
Well you've convinced me.
▶ No.1063148
▶ No.1063855
This might be the end of many p2p things. They would have to make a big breaking change to fix this, and it's unlikely that everyone would update to the new version.
▶ No.1063917>>1063918 >>1064769
>>1062991
>Torrents on suicide watch
No. eMule worked mostly fine, despite broken hashing.
▶ No.1063918>>1064381
>>1063917
I can see you, CIA nigger. You glow in the dark theme.
▶ No.1064381
>>1063918
Nah he is just a chink who can't into IPFS lol.
▶ No.1064645>>1064755
▶ No.1064755>>1073194
>>1064645
LC4 isn't even cryptographically secure. Fuck off, retard.
▶ No.1064769
>>1063917
>worked
there are still people that use it
▶ No.1064772
>>1062991
I don't see how a single torrent is better than torrents.
▶ No.1073194>>1073203
>>1064755
I call bullshit.
How about this, OP, we use BMW512, that is one of the fastest hashes in the SHA competition that nearly got to the finalist, which is faster than BLAKE2b.
▶ No.1073195>>1073203
Noob here. Is globally changing the hash algo from SHA1 to, let's say, SHA256 really such a fucking problem?
▶ No.1073203>>1074836
>>1073194
>BMW512
who?
>nearly got to the finalist
lol
https://www.iacr.org/archive/fse2011/67330244/67330244.pdf
>which is faster than BLAKE2b
BLAKE2bp is also faster than BLAKE2b.
Using BLAKE2s in a parallel tree hashing mode is also faster than BLAKE2bp. https://github.com/oconnor663/bao
You very seldom have to go really fast though, because most of the time you're limited by IO speed.
>>1073195
>is changing something a problem
Yes. Changing something costs time/money/resources. Why do you think we are still dealing with UNIX braindamage or Cnility?
>SHA256
https://en.wikipedia.org/wiki/Length_extension_attack
Just use SHAKE128/SHAKE256.
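The "SHA256 has length extension, use SHAKE" point in the post above, as an added example (mine, not from the thread or the paper): a throwaway SHA-256 that can resume from an intermediate state, a probe that shows a tag of the form SHA256(key || msg) lets anyone who does not know the key compute a valid tag for a longer message, and the SHAKE256 and HMAC forms that do not have this property. KEY and MSG are constructed sample values.

```python
import hashlib, hmac, struct
# Throwaway SHA-256 that can resume from an intermediate state (hashlib cannot).
PRIMES = [p for p in range(2, 312) if all(p % q for q in range(2, int(p ** 0.5) + 1))]
def _iroot(n, k):  # floor of the integer k-th root of n, Newton from an overestimate
    x = 1 << -(-n.bit_length() // k)
    while True:
        y = ((k - 1) * x + n // x ** (k - 1)) // k
        if y >= x:
            return x
        x = y

K = [_iroot(p << 96, 3) & 0xffffffff for p in PRIMES]       # round constants: frac(cbrt(p))
H0 = [_iroot(p << 64, 2) & 0xffffffff for p in PRIMES[:8]]  # initial state: frac(sqrt(p))
M32 = 0xffffffff
def _rotr(x, n): return ((x >> n) | (x << (32 - n))) & M32
def _compress(state, block):  # one 64-byte block through the SHA-256 compression function
    w = list(struct.unpack('>16L', block))
    for i in range(16, 64):
        s0 = _rotr(w[i-15], 7) ^ _rotr(w[i-15], 18) ^ (w[i-15] >> 3)
        s1 = _rotr(w[i-2], 17) ^ _rotr(w[i-2], 19) ^ (w[i-2] >> 10)
        w.append((w[i-16] + s0 + w[i-7] + s1) & M32)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M32
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M32
        a, b, c, d, e, f, g, h = (t1 + t2) & M32, a, b, c, (d + t1) & M32, e, f, g
    return [(x + y) & M32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def _pad(total_len):  # Merkle-Damgard padding for a message of total_len bytes in all
    return b'\x80' + b'\x00' * ((55 - total_len) % 64) + struct.pack('>Q', total_len * 8)

def sha256_resume(state, tail, total_len):  # finish hashing `tail` from `state`, as hex
    data = tail + _pad(total_len)
    for i in range(0, len(data), 64):
        state = _compress(state, data[i:i + 64])
    return struct.pack('>8L', *state).hex()
# Three MACs of the same shape. The first is the construction the post warns about.
def naive_mac(key, msg): return hashlib.sha256(key + msg).hexdigest()       # tag == full state
def shake_mac(key, msg): return hashlib.shake_256(key + msg).hexdigest(32)  # sponge: state hidden
def hmac_mac(key, msg): return hmac.new(key, msg, 'sha256').hexdigest()     # standard fix

def check_extendable(mac_fn, key, msg, suffix):
    """True if the tag of msg alone yields a valid tag for msg||padding||suffix, key unknown."""
    glue = _pad(len(key) + len(msg))  # the padding the verifier will hash over anyway
    state = list(struct.unpack('>8L', bytes.fromhex(mac_fn(key, msg))))
    forged_msg = msg + glue + suffix
    forged_tag = sha256_resume(state, suffix, len(key) + len(forged_msg))
    return forged_tag == mac_fn(key, forged_msg)

KEY, MSG = b'constructed-secret', b'amount=10&to=alice'  # constructed sample values
```

check_extendable returns True for naive_mac and False for shake_mac and hmac_mac: the SHAKE output reveals only part of the sponge state and HMAC hashes the result a second time under the key, so there is no state to resume from.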
▶ No.1073214>>1073215
>Post yfw BitTorrent
Well, what exactly are the risks?
As I understand it, hashing the data in BitTorrent is for ensuring message integrity. Now, can an attacker actually corrupt data in a meaningful way? Like, if we're seeding software, can it be backdoored that way? Or is data corruption all we've got here?
▶ No.1073215>>1073217
>>1073214
>download movie
>open movie in software written in a memory unsafe language like C/C++
>some frames have been replaced with interracial homo sex
Thanks SHA1!
▶ No.1073217
>>1073215
That's meaningful data corruption you're talking about here.
▶ No.1074836>>1074841 >>1075081
>>1073203
> parallelism
You might as well use KangarooTwelve if that is the case.
Blue Midnight Wish 512 FTW
▶ No.1074841>>1075081
>>1074836
Thinking that shit is any better than Skippidy Doo Dah 69 or HoRSEPUSSYn512
▶ No.1074968>>1075081
>>1063018
Any technological progress we are experiencing now already existed in secret 30 years ago.
▶ No.1075081>>1075146
▶ No.1075146>>1075186
>>1075081
Okay then, ECHO256 from SHA3 competition round 2. Get me a whitepaper on it vs Blue Midnight Wish 512 and BLAKE2b
▶ No.1075186>>1075337
▶ No.1075337