Penetration Testing mailing list archives
Re: Insecure Hash Algorithms (MD5) and NTLMv2
From: Steve Friedl <steve () unixwiz net>
Date: Tue, 1 Nov 2005 22:54:49 -0800
On Wed, Nov 02, 2005 at 12:43:13AM -0500, Daniel Miessler wrote:
Hmm, yes, there are plenty of examples like the ones you've highlighted, but they all have something in common -- the input AND the output are known (chosen plaintext?)
There are three aspects at play here: 1) Collision resistance; How hard is it to create two inputs which produce the same hash? This is the lowest bar to achieve: if you control both inputs, you can dicker with one or the other or both until they both converge. Exploit: create two similar documents, get me to sign one, then trade it for the other one. Now I "agreed" to one I haven't read. Counter: make a trivial, cosmetic change to any document you sign. 2) Preimage resistance; produce an input which produces a particular hash when you have no access to the original input. Exploit: given a password hash, find a word which produces it. 3) Second preimage resistance; how hard is it create an input document which produces a given hash when you have access to the original input which created that hash. Exploit: create a bogus software package which matches the hash of the legitimate package. The only weakness that's really in the air is Collision Resistance, where we can produce two inputs with the same hash. This is of only minor concern in a practical sense, though it certainly does mean that blood is in the water and sharks are circling. Much more detail here, with pretty pictures: An Illustrated Guide to Cryptographic Hashes http://www.unixwiz.net/techtips/iguide-crypto-hashes.html#crdetail Steve --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Thierry Zoller (Nov 01)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Daniel Miessler (Nov 01)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Steve Friedl (Nov 03)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Daniel Miessler (Nov 04)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Steve Friedl (Nov 03)
- RE: Insecure Hash Algorithms (MD5) and NTLMv2 Ben Nagy (Nov 03)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Thor (Hammer of God) (Nov 04)
- <Possible follow-ups>
- RE: Insecure Hash Algorithms (MD5) and NTLMv2 Miguel Dilaj (Nov 01)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Jack Lloyd (Nov 03)
- Re: Insecure Hash Algorithms (MD5) and NTLMv2 Daniel Miessler (Nov 01)