Collision of hashes and salt

I remember a guy telling me that if I let him change 4 bytes, he can make the file have whatever checksum he wants (CRC-32).

I heard the mention of the salt hash. I am wondering if someone had a file with a file, would my file be pushed with an MD5 or SHA-1 hash to change the result so that both files no longer collide? Or does it only change the hash value of the end?

+3
collision hash
4 answers

You are mixing two different hash values:

  • Checksumming to protect against accidental (non-malicious) errors.

  • Calculation of cryptographic messages for storing passwords, signing messages, certificates ...

CRCs are a good choice for the first application, but not completely suitable for the second, because it is easy to calculate the collision (in mathematics: CRCs are linear). Your friend tells you this.

MD5 and SHA1 are cryptographic hashes designed for the second type of application. However, MD5 was hacked, and SHA1 is now considered weak. However, even though MD5 can be hacked, it takes a long time to detect MD5 collisions (from several days to several weeks).

As for salt, it makes the calculation of the cryptographic hash local by mixing in some random unclassified value; this value is called the salt. This prevents the calculation of global tables, which make it easy to calculate possible values (for example, passwords) from the hash value. Computing tables is extremely expensive, but without salt, the cost will be amortized for many hacked passwords.

+6
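Added example (not part of the original thread or any poster's code): a Python sketch of two points from the answer above. CRC-32 is linear, so a salt prefix cancels out and two files that collide keep colliding, and a per-user salt makes one precomputed table useless. The sample files, wordlist and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import zlib

# Constructed sample inputs: two equal-length "files" and a tiny wordlist.
FILE_A = b"quarterly report v1: total = 1000"
FILE_B = b"quarterly report v1: total = 9999"
WORDLIST = (b"password", b"example", b"letmein")


def crc_diff(a: bytes, b: bytes, salt: bytes = b"") -> int:
    """XOR of the CRC-32 values of salt+a and salt+b (a, b of equal length)."""
    return zlib.crc32(salt + a) ^ zlib.crc32(salt + b)


def crc_salt_cancels(trials: int = 100) -> bool:
    """CRC-32 is linear over GF(2), so an identical prefix drops out of the
    difference. A difference of 0 (a collision) stays 0 under any salt."""
    base = crc_diff(FILE_A, FILE_B)
    return all(crc_diff(FILE_A, FILE_B, os.urandom(16)) == base
               for _ in range(trials))


def sha256_diff(a: bytes, b: bytes, salt: bytes = b"") -> bytes:
    """Same measurement for SHA-256, which has no such linear structure."""
    x, y = (hashlib.sha256(salt + m).digest() for m in (a, b))
    return bytes(p ^ q for p, q in zip(x, y))


def hash_password(password: bytes, salt: bytes) -> str:
    """Salt is prepended before hashing and stored beside the hash (not secret).
    A single SHA-256 keeps the demo close to the answers; real password storage
    feeds the same per-user salt into a slow KDF (PBKDF2, scrypt, Argon2)."""
    return hashlib.sha256(salt + password).hexdigest()


# "Global table": computed once with no salt, reusable against every user.
TABLE = {hash_password(w, b""): w for w in WORDLIST}


def table_lookup(stored: str):
    """Return the password for a stored hash if the table has it, else None."""
    return TABLE.get(stored)


def verify(password: bytes, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt), stored)
```

The unsalted hash of a wordlist entry is found by `table_lookup`, while the same password hashed under two different salts yields two different values, neither of which is in the table.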

An attack (against CRC-32) does not matter if the hash you are using is not CRC-32 - MD5 and SHA-1 are not vulnerable to this type of attack (for now).

An ongoing attack on MD5 is where the attacker creates two documents with the same hash.

Salts are used to verify the password - they do not allow an attacker to perform an offline attack on the password database - each user password has a salt attached to the text element before hashing - then the pre-computed plaintext rainbow table ↔ the hashed text is useless.
+4

Adding salt to your hash function really is not for any purpose if the digest function was compromised, because the salt must be publicly available for use, and the attacker could adjust his file to affect this too.

The solution to this problem is to use a secure hash function. MD5 showed that it is vulnerable to hash collisions, but I believe that SHA-1 is not working yet.

+1

Salt is commonly used in password hashes to avoid dictionary attacks. There are many web reversible hash dictionaries into which you enter the hash (say: 1a79a4d60de6718e8e5b326e338ae533) and it returns the text: "example". With salt, it becomes almost impossible. If you add a random salt to the password, a dictionary attack will become more difficult.

As for collisions, I don’t think you need to worry about all files having the same md5 or sha1 hash. It does not matter. An important use of the hash is to prove that the file you received matches the file that was approved by someone who is the authority on the file. If you add salt to the file, you need to send the salt so that the user can verify the hash.

This actually makes it easier for an attacker to fake your file, because it can provide a false salt along with a false file. The user can usually determine if the file is fake because it no longer serves the purpose for which it is intended. But how should the user know the difference between the correct salt and the salt of the attacker?

0
