As part of Objective 2.4 (analyzing indicators of malicious activity), collision attacks on broken cryptographic algorithms, like SHA-1, are critical examples of tampering threats.
Key Takeaways:
- Collision Attack: Two distinct inputs generate the same hash, which indicates possible tampering or forgery.
- Broken SHA-1: SHA-1 is deprecated because it is vulnerable to collisions, which makes it possible for attackers to craft files, including malicious ones, that produce identical hashes.
Practical Demo:
- Demonstration: Use the website, which showcases a real-world collision attack on SHA-1. It provides two PDF files that generate the same SHA-1 hash, but contain different content.
- Verification: Have students download the example files from and use Python on https://github.com/OffensiveSoldier/Collision-attack/tree/main to hash them, demonstrating the collision.
- Discussion: Analyze how collision attacks can be used in malicious activities, such as bypassing digital signatures or integrity checks.
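
For the verification step, students can run a check like the following. It is an added example, not code from the linked repository; the function names are hypothetical and the built-in sample files are constructed. It hashes each file with SHA-1 and SHA-256 in one pass and reports a collision only when the SHA-1 digests match while the SHA-256 digests differ.

```python
import hashlib
import os
import sys
import tempfile

def file_digests(path, algorithms=("sha1", "sha256")):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def classify(a, b, weak="sha1", strong="sha256"):
    """Compare two digest dicts produced by file_digests()."""
    if a[weak] != b[weak]:
        return "different"
    # Same SHA-1: only a second, unbroken hash separates a true copy
    # from two different files that collide under SHA-1.
    return "identical" if a[strong] == b[strong] else "collision"

def compare_files(path_a, path_b):
    return classify(file_digests(path_a), file_digests(path_b))

def demo():
    """Run the comparison on constructed sample files (not colliding PDFs)."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("a", b"invoice: 100"), ("copy", b"invoice: 100"),
                           ("b", b"invoice: 900")):
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        return (compare_files(paths["a"], paths["copy"]),
                compare_files(paths["a"], paths["b"]))

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Pass the two downloaded PDFs as arguments to check them.
        for p in sys.argv[1:]:
            print(p, file_digests(p))
        print("verdict:", compare_files(sys.argv[1], sys.argv[2]))
    else:
        print("constructed samples:", demo())
```

Run against the two downloaded PDFs, the expected verdict is `collision`, which gives the discussion a concrete mitigation: an integrity check that relies on SHA-256 rather than SHA-1 still tells the files apart.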