Hash functions and streaming

Posted by frank on October 24, 2005, 12:45 pm
Hi,

I can't seem to find any answers to some questions I have regarding
hash functions and streaming. If anyone can answer those questions, I'd
be extremely grateful.

I have the following scenario:

I have a continuous audio stream of data blocks passing from a server
to a client.
Each block is unencrypted but contains a message digest (hash) of that
block using SHA-1. The message digest is encrypted using RSA with a
private key, creating a digital signature.

At the client side, the public key is used to decrypt the message
digest.
The data block is hashed to produce another message digest.
The two digests are compared to see if they match.
If they do, the data block is accepted. If they do not, the data block
is rejected.

I have just heard (although apparently it's old news) that the SHA-1
algorithm has been fundamentally broken. It doesn't take 2**80 hashes
for a collision to occur, but only 2**69 hashes.

I don't really understand what problem is caused by someone finding a
collision.

So, my questions are:

1. Does this mean that they have reversed the hash back to plaintext?
2. Or have they found some plaintext that hashes to the same value as
some other plaintext? And if so, why is this considered dangerous?
3. How would someone launch an attack against a stream with an
encrypted SHA-1 message digest?
4. If the SHA-1 message digest was not encrypted, what is the worst
that someone could do if they could create a collision?
5. If the stream is very long and the compromised block is just 60
seconds or less of that stream, could a hash collision of that one
block provide a vulnerability for the rest of the stream? Even though
each block will have a completely different hash?

Many thanks,
frank.



Posted by Walter Roberson on October 24, 2005, 8:47 pm
:I have just heard (although apparently it's old news) that the SHA-1
:algorithm has been fundamentally broken. It doesn't take 2**80 hashes
:for a collision to occur, but only 2**69 hashes.

:I don't really understand what problem is caused by someone finding a
:collision.

:So, my questions are:

:1. Does this mean that they have reversed the hash back to plaintext?

No.

:2. Or have they found some plaintext that hashes to the same value as
:some other plaintext? And if so, why is this considered dangerous?

Yes.

This is dangerous because the new plaintext might say "This is a
billed media stream; automatically pay $25,000 into the following
bank account..."

:4. If the SHA-1 message digest was not encrypted, what is the worst
:that someone could do if they could create a collision?

See above. Or worse.

:5. If the stream is very long and the compromised block is just 60
:seconds or less of that stream, could a hash collision of that one
:block provide a vulnerability for the rest of the stream? Even though
:each block will have a completely different hash?

Yes. Typically in streaming media, blocks identify themselves as
to their type. The injected block doesn't have to identify itself
as pure media data: it could identify itself as some other
block type that the player happens to have a buffer overflow
vulnerability for.
--
I am spammed, therefore I am.


Posted by frank on October 25, 2005, 6:28 am
Lassi Hippeläinen wrote:
>
> You have two layers of cryptography, hash and encryption. In your case the
> break of SHA-1 shouldn't be relevant.
>
> Eric Rescorla wrote some thoughts about what is secure and what is not in
> his blog (scroll down to Aug 19):
> http://www.rtfm.com/movabletype/archives/2004_08.html
>
> -- Lassi

Thanks, that was a great help.

Cheers,
F.



Posted by Lassi Hippeläinen on October 25, 2005, 3:20 pm
frank wrote:

> Hi,
>
> I can't seem to find any answers to some questions I have regarding
> hash functions and streaming. If anyone can answer those questions, I'd
> be extremely grateful.
>
> I have the following scenario:
>
> I have a continuous audio stream of data blocks passing from a server
> to a client.
> Each block is unencrypted but contains a message digest (hash) of that
> block using SHA-1. The message digest is encrypted using RSA with a
> private key, creating a digital signature.
>
> At the client side, the public key is used to decrypt the message
> digest.
> The data block is hashed to produce another message digest.
> The two digests are compared to see if they match.
> If they do, the data block is accepted. If they do not, the data block
> is rejected.

You have two layers of cryptography, hash and encryption. In your case the
break of SHA-1 shouldn't be relevant.

Eric Rescorla wrote some thoughts about what is secure and what is not in
his blog (scroll down to Aug 19):
http://www.rtfm.com/movabletype/archives/2004_08.html

-- Lassi



Posted by Volker Birk on October 30, 2005, 3:01 pm
> I have just heard (although apparently it's old news) that the SHA-1
> algorithm has been fundamentally broken.

Yes. You could use RIPEMD-160 instead, or use a well known block cipher
in CBC mode and use the last block of it as a hash.

> I don't really understand what problem is caused by someone finding a
> collision.

Trying to be short:

The security of hash functions consists of preventing attackers from being
able to provoke collisions.

If attackers can do this, then there is no security left at all with a hash
function.

Yours,
VB.
--
"I am a free person and will now make use of my civil liberties
- and extensively so - of course only within the limits that
Otto Schily still leaves available to me."
Wolfgang Clement on 10.10.05, as still-Superminister
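
An added example, not part of any post in this thread: a sketch of the per-block scheme frank describes (hash the block, sign the digest, verify on the client), showing why the signature is only as strong as the hash's collision resistance. Everything in it is constructed for illustration: the toy RSA key, the block contents, and the truncation of SHA-1 to 24 bits, which stands in for a hash whose collisions are affordable. It also assumes the server can be brought to sign one block of a colliding pair.

```python
import hashlib
from itertools import count

# Toy RSA key built from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

DIGEST_BYTES = 3  # assumption: SHA-1 cut to 24 bits so a collision is cheap to find

def digest(block: bytes) -> int:
    return int.from_bytes(hashlib.sha1(block).digest()[:DIGEST_BYTES], "big")

def sign(block: bytes) -> int:
    """Server: 'encrypt' the block's digest with the private key (no padding, toy only)."""
    return pow(digest(block), D, N)

def verify(block: bytes, signature: int) -> bool:
    """Client: recover the signed digest with the public key, re-hash, compare."""
    return pow(signature, E, N) == digest(block)

def find_collision(prefix_a: bytes, prefix_b: bytes):
    """Birthday search for two different blocks with the same (truncated) digest."""
    seen = {}
    for i in count():
        a = prefix_a + str(i).encode()
        seen[digest(a)] = a
        b = prefix_b + str(i).encode()
        if digest(b) in seen:
            return seen[digest(b)], b

def demo():
    # Constructed block contents: two blocks that declare different types.
    audio, other = find_collision(b"type=audio;pad=", b"type=other;pad=")
    sig = sign(audio)  # the server signs only the audio block
    return {
        "genuine_accepted": verify(audio, sig),
        "tampered_rejected": not verify(audio + b"!", sig),
        # The signature covers the digest, not the bytes, so it transfers.
        "colliding_block_accepted": verify(other, sig),
        "blocks_differ": audio != other,
    }

if __name__ == "__main__":
    print(demo())
```

The client check itself never changes between the accepted and the substituted block; the only thing separating them is whether a second input with the same digest can be produced, which is why a stronger hash is the fix rather than a change to the comparison.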

