LITIGATION SUPPORT TIP OF THE NIGHT

A paper was published this month, Gaëtan Leurent and Thomas Peyrin, SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust, available at: https://eprint.iacr.org/2020/014.pdf , which demonstrates a viable way to perform a collision attack on SHA-1. This is an update to the paper discussed in the Tip of the Night for May 17, 2019. Their technique makes security protocols such as SSH (the secure shell network protocol) that use SHA-1 for handshake protocols vulnerable. With handshake protocols, a control protocol uses one of a list of supported hash functions. The handshake sets a range of parameters, such as a transfer rate, before normal communication begins between two devices. The new paper shows how PGP encryption keys can be created with different IDs but the same SHA-1 hash values.

This update indicates that any protocol which supports SHA-1 can be successfully attacked even if it also uses other hash function. Leurent and Peryin now claim to prove that a man in the middle attack can force two communicating devices to use SHA-1.

Leurent and Peyrin show how a collision can be accomplished for the cost of only $11,000 of computing power. "This cost will decrease over time and in a close future will be so cheap that any ill-intentioned person could afford it." Id. at 28. The paper discussed here last year mentioned engineering a collision attack for $110,000.

Vadims Podans has posted a script for PowerShell here which can be used to generate the hash value of a folder containing multiple files.

Simply copy and paste this function in PowerShell:

function Get-FolderHash ($folder) { dir $folder -Recurse | ?{!$_.psiscontainer} | %{[Byte[]]$contents += [System.IO.File]::ReadAllBytes($_.fullname)} $hasher = [System.Security.Cryptography.SHA1]::Create() [string]::Join("",$($hasher.ComputeHash($contents) | %{"{0:x2}" -f $_})) }

Then enter the command:

Get-FolderHash "C:\foofolder"

A single SHA1 hash value will be generated for the entire folder.

The views expressed in these posts are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this page is for informational purposes only. The owner makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.

Recently word has spread that the SHA-1 hashing algorithm is no longer secure. A comparatively cost-effective way has been found to to create specific files with duplicate SHA-1 hash values. Gaetan Leurent and Thomas Peyrin's paper, From Collisions to Chosen-Prefix Collisions Application to Full SHA-1, has shown that a 'chosen-prefix' collision attack is possible. A 'chosen-prefix' attack allows an attacker to create two files with substantive data inside that collide - or have the same SHA-1 hash value. The authors estimate that a SHA-1 collision attack can be achieved for as little as $110,000. The paper states that, " . . . our results show that, for some hash functions, chosen-prefix collision attacks are much easier than previously expected, and potentially not much harder than a normal collision search"

A normal collision attack simply involves finding two different messages which have equal hash values. A chosen-prefix involves finding where two prefixes when each added separately to different appendages produce the same hash value. A preimage attack aims for creating a specific hash value.

While it still may be used to identify duplicate files in electronic discovery, the SHA-1 algorithm has to be phased out of its use in the transport layer security (TLS) and secure socket layer (SSL) protocols used for communication across networks, and in PGP encryption. Leurent and Peyrin note that chosen -prefix collisions have been known to break digital certificates by imitating certificate authorities.