SHA-1 backdooring and exploitation

BSidesLV 2014

Presented by: Jean-Philippe Aumasson (veorq)
Date: Tuesday August 05, 2014
Time: 11:00 - 11:35
Location: Common Ground

We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that allows us to create exploitable collisions in which we fully control the content of the colliding files. Unlike theoretical "breaks" of SHA-1, our collision attacks are practical, although they rely on sophisticated differential attacks. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.
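The abstract above does not say where the sabotage in the talk's SHA-1 variant lives, and the following is not the speaker's code. It is an added example showing the shape of the problem and the check a deployer can run: a minimal SHA-1 whose four round constants are a parameter, so that a variant with tweaked constants looks like ordinary SHA-1 code yet computes a different function, and a known-answer test (FIPS 180 vectors, cross-checked against hashlib) that flags such a substitution. The TWEAKED_K values are an arbitrary illustration chosen here, not the constants used in the talk.

```python
"""SHA-1 with swappable round constants plus a known-answer check.

Added example, not code from the talk or the speaker. Demonstrates that
an implementation differing only in its constants is still "SHA-1
shaped", and that a known-answer test detects the substitution.
"""
import hashlib
import struct

# Standard SHA-1 round constants (FIPS 180-4).
STANDARD_K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
# Hypothetical sabotaged constants: the last one is changed by a single
# bit. Chosen arbitrarily for illustration, not the talk's values.
TWEAKED_K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D7)

MASK32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1(data: bytes, k=STANDARD_K) -> bytes:
    """Compute SHA-1 of data using the round constants in k.

    With k == STANDARD_K this is standard SHA-1; any other k yields a
    different compression function with the same structure.
    """
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]

    # Merkle-Damgard padding: 0x80, zeros to 56 mod 64, 64-bit bit length.
    bit_len = len(data) * 8
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack(">Q", bit_len)

    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for i in range(16, 80):
            w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))

        a, b, c, d, e = h
        for i in range(80):
            if i < 20:
                f, kk = (b & c) | (~b & d), k[0]
            elif i < 40:
                f, kk = b ^ c ^ d, k[1]
            elif i < 60:
                f, kk = (b & c) | (b & d) | (c & d), k[2]
            else:
                f, kk = b ^ c ^ d, k[3]
            tmp = (_rotl(a, 5) + (f & MASK32) + e + kk + w[i]) & MASK32
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d

        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]

    return struct.pack(">5I", *h)


# Known answers from FIPS 180 (empty string and "abc").
KAT = {
    b"": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    b"abc": "a9993e364706816aba3e25717850c26c9cd0d89d",
}


def passes_kat(hash_fn) -> bool:
    """True if hash_fn reproduces every known-answer vector."""
    return all(hash_fn(m).hex() == digest for m, digest in KAT.items())


def matches_hashlib(data: bytes, k=STANDARD_K) -> bool:
    """Cross-check the parameterised SHA-1 against the platform library."""
    return sha1(data, k) == hashlib.sha1(data).digest()


if __name__ == "__main__":
    print("standard constants pass KAT:", passes_kat(sha1))
    print("tweaked constants pass KAT: ",
          passes_kat(lambda m: sha1(m, TWEAKED_K)))
```

A known-answer test catches a substituted or miscompiled implementation in your own build; it says nothing about whether the standard's constants themselves were chosen honestly, which is the separate concern the abstract raises with Dual_EC and the NIST curves.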

Jean-Philippe Aumasson

Principal Cryptographer, Kudelski Security

Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. JP received a Ph.D. in cryptography from EPFL in 2009, and has authored more than 30 research articles in the field of cryptography and cryptanalysis. He is known for designing the cryptographic functions BLAKE (one of 5 SHA-3 finalists), SipHash (used in Python, Ruby, etc.) and BLAKE2 (used in WinRAR, etc.). He has spoken at security conferences including Black Hat, Chaos Communication Congress, PasswordsCon, and Hashdays. In 2013 he initiated the Cryptography Coding Standard and the Password Hashing Competition. As of 2014, he is a member of the technical advisory board of the Open Crypto Audit Project. JP tweets as @veorq.

