|
brent timothy saner via plug on 10 Jan 2020 06:00:00 -0800
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] exploit breaks SHA-1
|
- From: brent timothy saner via plug <plug@lists.phillylinux.org>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] exploit breaks SHA-1
- Date: Fri, 10 Jan 2020 08:59:42 -0500
- Autocrypt: addr=brent.saner@gmail.com; prefer-encrypt=mutual; keydata= mQINBFKm0mgBEADSI5oeyqRYZ8YWxPbux4CeqaMNh4etuyJmglDRCQB9t1XlvhMDLZWQNqm+ ORBN3YGISUu+X55p10lK/O1w/85zXkAV7Qe6fkvUzSx0tbPWLu4rn4zH9JgTExElhFRv143H W/EKehejEetkNz6JSwGUXNiF5qh1GbKLOmShbmCSKXLcmw05Qj4ELmhkH9OWXpeM0EHmWIEK VSeoIim/g1MYYxKOb1wY3DEubY9zn3lfz9xfLq/xlFMepDyNAEer/qZDSHQqnymdqXlt6L9e mfd4snHLiDfUgG9JOPeMDWeT6XWJDtKKCcZ3JDSMEGgZsFYpwJxJEwPxnfhHJmH8ENxi/8Cu 0fLFvzgAP+VK/Z1egBI7l241fDDREg3e+NWFhUM5bjwBmqk1z8nkRdru+QSMtPl6Erkd+Tbp 7lGGpQwCbI6esdBPkx/nV8+fIPEcsR2G5jG7O9U4J6q3B1nRFrR863SJHudIWV/l59ZvA8kI knDYNOixPLmnoRrO7LNIWe9jpnkZdg34Aa5AjAjGEKwY5EAzqkKuPEMVGqg/36YUcnqYS98W iVgCpaGg6KJqCMVXBfugxd79rtkyT4Oeju/z/Yp2xxXm3Pqcocb1CxbiEYDLJNT7/hyIJ072 4asMz2DTDMIMciP93hPraEtINknPlerNX2XqK03D+gyBGqAL7QARAQABtCtCcmVudCBUaW1v dGh5IFNhbmVyIDxicmVudC5zYW5lckBnbWFpbC5jb20+iQI8BBMBAgAmAhsDBwsJCAcDAgEG FQgCCQoLBBYCAwECHgECF4AFAlLzvnsCGQEACgkQjABML5NIH2vQHxAArz6yjoQqUPoOFBRF P6hXHcMegvh4vZ0xOcoU+7KyUyD2f5jYivQFSVYcRDr7hyHTs3iRr0HKN8dUUSyLkNCc+rd2 FwqftUF2JLqlqpJ4HDXw+5L2rw0+0voy7JpRNtoGlfkh32SHIbTmNwVIFm1yVg+xNk0RAvl8 /NnPzgi0IKgOJNcxicLpy0f0o/uWHKcm6uS8SBZL3col1Wuhwqt/VY7Nz0cCF7IrRNGyMMPF PMRq3A5144U81WQR94iGlpvWku/qnFAvC9NNTllCwFYpiuI2BkndlPO3YqOwcGbVTOO765la Qz9EQn9b9ipnPjOSp9HLhu53RoJyUWogBtijCzEgODYJuflPWoXG4ubB11wP2CRPZzj3KqFE cShAyNwE2bAtHwtqsksII3J46EEQDrHam/0D6F+jNMZK31E/ET9WcdzZhFRGaBd748dRcaoH BaHpviH+GtRZiWtrR0238Df05MtZPTlZi2t4icBIGVN4j0mcMbgVY/5CudLQGa7BSjnKR/uy hJI7ANOHCsIud6rIB9s5qly60bXjOZ4hG1iFIhUFC+zgrOYGZLbJgCaKd5sdBCWOsQwInD/X eWO+6p4bW0YIp0YXZA5+0Uo8EP4t+NzvfGhe19gy8hrJYZGSW1PJDvqvs+b5XO2j5Be6ec2Y 09Ta99U94SxWp3nXpKS5Ag0EUqbSaAEQAMIB/UpTre+NGzkvTmO6wnfQuzJKEEWnX2p/+eQF ZgDhObvwhvZr7C3I9wP3JnAP3LoJqrnmp78qE2v7snlSG1i66hqcj8Cw2EkBRLFsseva2uI5 B63RLrV0tTXN86nmHhw8qJ2GBu84Ddw7KtYoCRbq902eWsgWxRJVwAK+ip24tVVJxaR23nkO FwU+suYRDhiM9GLVj2waomgJK60dhxLOLZSRwJ0S1A2pu16GEx8USEoz7WNDJgx8PJPSzyH5 U7h9hXhpTEvS8nOV5G7YhksKBR6ECjmleCSehBaotVTAhXTfoh9fyCusMBwizLBoS8GmPUnv nUlvJzyAzu1KxnFzpwEk9ZBgLqWxzC/i4PZKrpqG7n5JqgEl0gg+7fn5Sdwq14Trg+djDGa5 c8n5hXEyszWTka53AhVCn8yq01zYNZoMDG6adYku/g3n5mBxKYuSoMkzuPRgihpsrhN/0RGY nJRDw5cpAjywWhTfFWGaAz6mDNhCV9daoqAoFjmIt9PAFeTrHj0XZXW7C53t4Qor9Nc5goh5 jlw7vv58CpdF0dPF6jLhDL2AYtplqwdPQr8+hj8WyFW8Rbj/OOj/z/JdDa6xCqfvh0udGLVa FDwQXZ1D4sqjwABhqdCppYb9TSq0TzR2LyZDnn/JZied2Q2LypPbsoGa3qd//w5W6NczABEB AAGJAh8EGAECAAkFAlKm0mgCGwwACgkQjABML5NIH2tCDBAAiMHQIKXCnm3XOcBuArJ8l0Yp W7q9KWF1YtmK+Jg+JqF8vTR7qvJ1djpVJVzCbL73bSrw24bLjHhcATuBsQxYPu2sSulcPB8n ri3ki/rWiWpNtjykKi6z56o+vDmbVH8UyA++zHQIaOx7tyKnh4w1F2i46132yMHLHFAdQkAl AJRMIQ6E0AKK9t61r+NJ0KT8g1h9PMcJkPWkGmQjT9eahLlO1H3kua0xCZ264CFUkpYo7t0I Y9BuRafzrqRqrYBJzEeDSd2dNz8u+jTF8RlHyaiePcTE9R1A41mK2vDCgWAbmXW8eruVz+Av zdXSNr6erccamRmeTIyJ5WpGeoA/ZeTDVSLzU2/i/PK2yI/8DTwWnt0iLC+8qvbz+E27/8i5 x5w3PosUjXzHQugBZO0xrBqti9rWV6u73zAE07EKaGfTm4Py3HRfysmFijcT0xpEeuilXM72 TixP75enqXN45ouwrapBcjAM3oxn+eVAagtzMUjXjHJBP5g5PHCRTuzakNzvFu1YNV9Oec8S O+hoQAuW6Wy5NfCN3Bg+KHPu/U6Lw9TcbFtCGOswMx9U2Thuj7FeULli5tj/kLahOOMO0N++ msHrJNNWa2ekU9GJ1NDCOGH0zYF4F5dxrdNxuOGzz6a0+5o1DBaWUEN0wAMceluJNnqv0qni AGmGDY9HHUM=
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:autocrypt:subject:message-id:date:user-agent :mime-version:in-reply-to; bh=6PXxVIiyqSwkuuYc3F6sqgtAcNbKVUNmqB7+eRSz4ng=; b=okl1c8tmu9LFyJeUx2plUmclPcMKkfwOVKBRSicfg75CLqFs/u3Vgj/Zu/LHSdIKxy YY8ZhqJWVGDQaONh6ooJU7CmkwSR1unKaZDZjFgTJDp3VEu4Ph5HmkjIrloLwstUC4+O 7rGRA5dFdImsMt/LsSucdsHcz2QmYAUUd+sO0WHY/RCAxpSOxxwDkXA0rA5XrL43bebM GyHSmTq11zem4+b7vMMFpgOH7RHHJxkBlkcaAwWKwnO09kf+qu0F+FENMdIJZ+Rd7tQq ikkZMsZg50jJIKe9VR3lkLBBiMlvptgmXqPxDMQ8MQ8XAEhhBglFa/0v1jNw2J9B5zDR hBWw==
- Reply-to: brent timothy saner <brent.saner@gmail.com>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
On 1/10/20 08:42, jeff via plug wrote:
> https://threatpost.com/exploit-fully-breaks-sha-1/151697/
>
> Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s
> practical for ordinary attackers to carry out.
Original/canonical source/alert is at https://sha-mbles.github.io/
However, the information as reported in this email is not...entirely
accurate. The damage is not as severe as one would think ever since
SHAttered[0] was announced and everyone worked to phase SHA1 out.
- Keys created using default options in GnuPG *legacy* versions (1.4,
not 2.x) are affected
- OpenSSL is most likely going to completely disable SHA1 in the default
security level (level 1). Debian, and probably others, use level 2 by
default instead of level 1.
- Git is not at risk, as SHA1 hashes are used to *identify* commits, not
*verify the integrity* of them. GPG sign-offs are used for the latter.
It is also NOT "practical for ordinary attackers" still:
"We implemented the entire chosen-prefix collision attack with those
improvements. This attack is extremely technical, contains many details,
various steps, and requires a lot of engineering work. In order to
perform this computation with a small academic budget, we rented cheap
gaming or mining GPUs from GPUserversrental, rather that the
datacenter-grade hardware used by big cloud providers. We have
successfully run the computation during two months last summer, using
900 GPUs (Nvidia GTX 1060).
As a side result, this shows that it now costs less than 100k USD to
break cryptography with a security level of 64 bits (i.e. to compute 264
operations of symmetric cryptography).
(...)
By renting a GPU cluster online, the entire chosen-prefix collision
attack on SHA-1 costed us about 75k USD. However, at the time of
conputation, our implementation was not optimal and we lost some time
(because research). Besides, computation prices went further down since
then, so we estimate that our attack costs today about 45k USD. As
computation costs continue to decrease rapidly, we evaluate that it
should cost less than 10k USD to generate a chosen-prefix collision
attack on SHA-1 by 2025."
For targeted org-level and state-level attacks, it's absolutely viable,
but it's quite far from the funding and resources available to "ordinary
attackers" still. We're not talking about breaking WEP PSKs or NTHash
hashes here. This will, of course, be more accessible with time and cost
improvements in hardware but it's not there yet.
But if you were using SHA1 still, even after SHAttered, for
integrity/verification purposes, you probably were already off to a bad
start before this was announced.
[0] https://shattered.io/
Attachment:
signature.asc
Description: OpenPGP digital signature
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug