Coder Social home page Coder Social logo

hw42 / sha1collisiondetection Goto Github PK

View Code? Open in Web Editor NEW

This project forked from cr-marcstevens/sha1collisiondetection

0.0 1.0 0.0 41 KB

Library and command line tool to detect SHA-1 collision in a file

License: Other

Makefile 3.15% C 96.85%

sha1collisiondetection's Introduction

sha1collisiondetection

Library and command line tool to detect SHA-1 collisions in files

Copyright 2017 Marc Stevens [email protected]

Distributed under the MIT Software License.

See accompanying file LICENSE.txt or copy at https://opensource.org/licenses/MIT.

Developers

About

This library and command line tool were designed as near drop-in replacements for common SHA-1 libraries and sha1sum. They will compute the SHA-1 hash of any given file and additionally will detect cryptanalytic collision attacks against SHA-1 present in each file. It is very fast and takes less than twice the amount of time as regular SHA-1.

More specifically they will detect any cryptanalytic collision attack against SHA-1 using any of the top 32 SHA-1 disturbance vectors with probability 1:

    I(43,0), I(44,0), I(45,0), I(46,0), I(47,0), I(48,0), I(49,0), I(50,0), I(51,0), I(52,0), 
    I(46,2), I(47,2), I(48,2), I(49,2), I(50,2), I(51,2), 
    II(45,0), II(46,0), II(47,0), II(48,0), II(49,0), II(50,0), II(51,0), II(52,0), II(53,0), II(54,0), II(55,0), II(56,0),
    II(46,2), II(49,2), II(50,2), II(51,2)

The possibility of false positives can be neglected as the probability is smaller than 2^-90.

The library supports both an indicator flag that applications can check and act on, as well as a special safe-hash mode that returns the real SHA-1 hash when no collision was detected and a different safe hash when a collision was detected. Colliding files will have the same SHA-1 hash, but will have different unpredictable safe-hashes. This essentially enables protection of applications against SHA-1 collisions with no further changes in the application, e.g., digital signature forgeries based on SHA-1 collisions automatically become invalid.

For the theoretical explanation of collision detection see the award-winning paper on Counter-Cryptanalysis:

Counter-cryptanalysis, Marc Stevens, CRYPTO 2013, Lecture Notes in Computer Science, vol. 8042, Springer, 2013, pp. 129-146, https://marc-stevens.nl/research/papers/C13-S.pdf

Compiling

Run:

make

Command-line usage

There are two programs bin/sha1dc and bin/sha1dc_partialcoll. The first program bin/sha1dc will detect and warn for files that were generated with a cryptanalytic SHA-1 collision attack (of which there are no public examples so far). The second program bin/sha1dc_partialcoll will detect and warn for files that were generated with a cryptanalytic collision attack against reduced-round SHA-1 (of which there are a few examples so far).

Examples:

bin/sha1dc test/sha1_reducedsha_coll.bin
bin/sha1dc_partialcoll test/sha1reducedsha_coll.bin

Library usage

See the documentation in lib/sha1.h. Here is a simple example code snippet:

#include <sha1dc/sha1.h>

SHA1_CTX ctx;
unsigned char hash[20];
SHA1DCInit(&ctx);
// SHA1DCSetSafeHash(&ctx, 0); // disable safe-hash mode (safe-hash mode is enabled by default)
SHA1DCUpdate(&ctx, buffer, (unsigned)(size));
int iscoll = SHA1DCFinal(hash,&ctx);
if (iscoll)
    printf("collision detected");
else
    printf("no collision detected");

sha1collisiondetection's People

Contributors

cr-marcstevens avatar

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.