Analyzing Malicious Activity through Collision Attacks on SHA-1

Jump to latest Follow Reply
precious

precious

Well-known member
Apr 22, 2024
961
688
17,251
#1
As part of Objective 2.4 (analyzing indicators of malicious activity), collision attacks on broken cryptographic algorithms, like SHA-1, are critical examples of tampering threats.

Key Takeaways:​

  • Collision Attack: When two distinct inputs generate the same hash, indicating possible tampering or forgery.
  • Broken SHA-1: SHA-1 is deprecated due to collision vulnerability, making it possible for attackers to create identical hashes for malicious files.

Practical Demo:​

  1. Demonstration: Use the

    SHAttered

    shattered.io
    website, which showcases a real-world collision attack on SHA-1. It provides two PDF files that generate the same SHA-1 hash, but contain different content.
  2. Verification: Have students download the example files from

    SHAttered

    shattered.io
    and use Python on https://github.com/OffensiveSoldier/Collision-attack/tree/main to hash them, demonstrating the collision.
  3. Discussion: Analyze how collision attacks can be used in malicious activities, such as bypassing digital signatures or integrity checks.
 
  • Like
Reactions: Hank Cox, Emmanuel Phakula Mandala and Brian Ford
#2
precious said:
As part of Objective 2.4 (analyzing indicators of malicious activity), collision attacks on broken cryptographic algorithms, like SHA-1, are critical examples of tampering threats.

Key Takeaways:​

  • Collision Attack: When two distinct inputs generate the same hash, indicating possible tampering or forgery.
  • Broken SHA-1: SHA-1 is deprecated due to collision vulnerability, making it possible for attackers to create identical hashes for malicious files.

Practical Demo:​

  1. Demonstration: Use the

    SHAttered

    shattered.io
    website, which showcases a real-world collision attack on SHA-1. It provides two PDF files that generate the same SHA-1 hash, but contain different content.
  2. Verification: Have students download the example files from

    SHAttered

    shattered.io
    and use Python on https://github.com/OffensiveSoldier/Collision-attack/tree/main to hash them, demonstrating the collision.
  3. Discussion: Analyze how collision attacks can be used in malicious activities, such as bypassing digital signatures or integrity checks.
Click to expand...
@precious Thanks for the insight this is very important information
 
  • Like
Reactions: MBA and precious
You must log in or register to reply here.
Top Bottom
Back
Jump to latest Follow Reply
Jump to latest Follow Reply
Home
Media
Resources
Menu