PhD Thesis Marc Stevens - Attacks on Hash Functions and Applications

mak

Соломенные сандалии
Администратор
Сообщения
497
Реакции
255


Title:Attacks on hash functions and applications
Author:Stevens, Marc Martinus Jacobus
Publisher:Mathematical Institute, Faculty of Science, Leiden University
Issue Date:2012-06-19
Keywords:Cryptography
Hash functions
MD5
Collision attack
Digital signatures
Internet security
Abstract:Cryptographic hash functions compute a small fixed-size hash value for any given message. A main application is in digital signatures which require that it must be hard to find collisions, i.e., two different messages that map to the same hash value. In this thesis we provide an analysis of the security of the cryptographic hash function standards MD5 and SHA-1 that have been broken since 2004 due to so called identical-prefix collision attacks. In particular, we present more efficient identical-prefix collision attacks on both MD5 and SHA-1 that improve upon the literature. Furthermore, we introduce a new more flexible attack on MD5 and SHA-1 called the chosen-prefix collision attack that allows significantly more control over the two colliding messages. Moreover, we have proven that our new attack on MD5 poses a realistic threat to the security of everyday applications with our construction of a rogue Certificat ion Authority (CA). Our rogue CA could have enabled the total subversion of secure communications with any website -- if we had not purposely crippled it. Our research has promoted the migration away from these weak hash functions towards more secure hash functions.

https://openaccess.leidenuniv.nl/bi...sh Functions and Applications.pdf?sequence=16
 
Верх Низ