295 research outputs found
A Symbolic Intruder Model for Hash-Collision Attacks
In the recent years, several practical methods have been published to compute
collisions on some commonly used hash functions. In this paper we present a
method to take into account, at the symbolic level, that an intruder actively
attacking a protocol execution may use these collision algorithms in reasonable
time during the attack. Our decision procedure relies on the reduction of
constraint solving for an intruder exploiting the collision properties of hush
functions to constraint solving for an intruder operating on words
Modified SHA1: A Hashing Solution to Secure Web Applications through Login Authentication
The modified SHA1 algorithm has been developed by expanding its hash value up to 1280 bits from the original size of 160 bit. This was done by allocating 32 buffer registers for variables A, B, C and D at 5 bytes each. The expansion was done by generating 4 buffer registers in every round inside the compression function for 8 times. Findings revealed that the hash value of the modified algorithm was not cracked or hacked during the experiment and testing using powerful online cracking tool, bruteforce and rainbow table such as CrackingStation and Rainbow Crack and bruteforcer which are available online thus improved its security level compared to the original SHA1
Practical free-start collision attacks on 76-step SHA-1
In this paper we analyze the security of the compression function
of SHA-1 against collision attacks, or equivalently free-start collisions
on the hash function. While a lot of work has been dedicated to the analysis
of SHA-1 in the past decade, this is the first time that free-start collisions
have been considered for this function. We exploit the additional
freedom provided by this model by using a new start-from-the-middle
approach in combination with improvements on the cryptanalysis tools
that have been developed for SHA-1 in the recent years. This results in
particular in better differential paths than the ones used for hash function
collisions so far. Overall, our attack requires about evaluations
of the compression function in order to compute a one-block free-start
collision for a 76-step reduced version, which is so far the highest number
of steps reached for a collision on the SHA-1 compression function.
We have developed an efficient GPU framework for the highly branching
code typical of a cryptanalytic collision attack and used it in an optimized
implementation of our attack on recent GTX 970 GPUs. We report
that a single cheap US\$ 350 GTX 970 is sufficient to find the collision in
less than 5 days. This showcases how recent mainstream GPUs seem to
be a good platform for expensive and even highly-branching cryptanalysis
computations. Finally, our work should be taken as a reminder that
cryptanalysis on SHA-1 continues to improve. This is yet another proof
that the industry should quickly move away from using this function
A New Approach in Expanding the Hash Size of MD5
The enhanced MD5 algorithm has been developed by expanding its hash value up to 1280 bits from the original size of 128 bit using XOR and AND operators. Findings revealed that the hash value of the modified algorithm was not cracked or hacked during the experiment and testing using powerful bruteforce, dictionary, cracking tools and rainbow table such as CrackingStation, Hash Cracker, Cain and Abel and Rainbow Crack which are available online thus improved its security level compared to the original MD5. Furthermore, the proposed method could output a hash value with 1280 bits with only 10.9 ms additional execution time from MD5. Keywords: MD5 algorithm, hashing, client-server communication, modified MD5, hacking, bruteforce, rainbow table
- …