How We Created the First SHA-1 Collision and What it Means for Hash Security
Offered By: Black Hat via YouTube
Course Description
Overview
Syllabus
Intro
What is a cryptographic hash function?
What are secure hash functions used for?
Second preimage attack
The need for cryptanalysis
The Merkle-Damgård construction
Unrolled SHA-1 compress function
SHA-1 cryptanalysis in a nutshell
Two block collision
Fixed prefix attack (SHA-1)
Carefully choosing prefix to improve attack
Chosen-prefix: MD5 SSL certificate forgery
Malware MD5 certificate
Attack feasibility
Attack overview
Smart prefix: JPEG embedded in PDF
Scaling computation
Developing the full collision attack
Making efficient use of GPUs
Phase 2 production rate per step
Computational cost comparison
Counter-cryptanalysis to the rescue!
GIT is using SHA-1 for foreseeable future
Mitigating GIT issues with counter-cryptanalysis
Google scans incoming documents
Why scan files for collision?
Gmail counter-cryptanalysis cost
The future of hash security is diversity
Takeaways
Taught by
Black Hat
Related Courses
Applied Cryptography
University of Virginia via Udacity
Cryptography II
Stanford University via Coursera
Coding the Matrix: Linear Algebra through Computer Science Applications
Brown University via Coursera
Cryptography I
Stanford University via Coursera
Unpredictable? Randomness, Chance and Free Will
National University of Singapore via Coursera