Collision-Resistant Usage of MD5 and SHA-1 Via Message Preprocessing

  • Michael Szydlo
  • Yiqun Lisa Yin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3860)

Abstract

A series of recent papers have demonstrated collision attacks on popularly used hash functions, including the widely deployed MD5 and SHA-1 algorithms. To assess this threat, the natural response has been to evaluate the extent to which various protocols actually depend on collision resistance for their security, and potentially to schedule an upgrade to a stronger hash function. Other options involve altering the protocol in some way. This work suggests a different option. We present several simple message pre-processing techniques and show how they can be combined with MD5 or SHA-1 so that applications are no longer vulnerable to the known collision attacks. For some applications, this may be a viable alternative to upgrading the hash function.

Keywords

SHA-1, MD5, padding, hash collision, signature

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Michael Szydlo (1)
  • Yiqun Lisa Yin (2)
  1. RSA Laboratories, Bedford, USA
  2. Independent Security Consultant