570
submitted 3 months ago by shoki@lemmy.world to c/linuxmemes@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] Natanael@slrpnk.net 8 points 3 months ago

Tldr, modern hash algorithms process data in fixed size blocks. For MD5 you take 128 bits at a time.

The core function in a hash is a little scrambler function (permutation) that takes two different inputs and gives you a single output back.

So it starts with a fixed value built into the algorithm, and then scrambles the first block of the message with it. Then it takes that scrambled piece and mixes that with the next block of the message, then takes THAT scrambled piece and mixes it with the next block. And so on until the end of the message. The last scrambled piece is the hash value.

Collision attacks target that core function by figuring out how to tweak multiple messages so that their scrambler outputs "collide", ending up equal. So you can hash two tweaked messages and get the same hash value. These tweaks usually include a bunch of random looking bits to work.

Then for a multicollision we don't just do it for two messages. We do it for every letter in the alphabet. For a HTML document we encode something like a and repeat for every letter. Every letter gets a distinct random looking value. Then we have many documents with the same hash and one letter different. We can show you a hash and then pick which letter to present you with in the document. All of them checks out.

But then we repeat the attack. We add another whole alphabet right after the first one! Now we have a a. And because the second letter is in a different block, that works just fine! Adding a second letter don't change the first intermediate value, and you can attack the second intermediate value for the second letter separately. So you add the whole alphabet again (with new associated calculated garbage for every letter in the second position), and now after the second letter we have a new intermediate value which is the same regardless of which letter we pick in the second position.

So now we can independently pick a random letter in the first position and in the second position too! Every combination of two letters has the same hash because of the hidden calculated garbage after each letter!

Then we just repeat the multicollision attack on the whole alphabet over and over until your document is long enough to encode your message. And that message may include the document's own hash.

[-] reinei@lemmy.world 1 points 3 months ago

Okay first of all this message is really nicely written to explain multi collision attacks! (I knew some stuff about hashing and collision attacks before but not about multi collision and why that would be really useful here.)

However, I first thought they were looking for inputs which basically preserve a known state and then generating an alphabet with those kinds of blocks (basically have one for each symbol and up to n additional blocks to "reset" the state to the known value) because that could shrink the size of stored blocks by a lot (I'd imagine).

But now I am wondering if that's even possible currently (even with an algorithm as "broken" as MD5 has become now)?

[-] Natanael@slrpnk.net 2 points 3 months ago* (last edited 3 months ago)

That's a second pre-image attacks when you're targeting existing state (attacking hash values of existing data by creating a second file matching it). For some reason even with MD5 that's still infeasible - but collision attacks where you don't have a target output value, but instead have partial target inputs which need to have the same output hash, are however practical and fast.

this post was submitted on 25 Jul 2024
570 points (98.5% liked)

linuxmemes

21160 readers
1352 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS