Score:-2

What are the security flaws of SHA?

I have been researching SHA algorithms extensively, specifically SHA1, SHA2-256, SHA2-512, SHA3-256, and SHA3-512, and have found many instances of successful collision attacks as well as methods.

In my list are the following:

  • Brute Force attacks
    • Birthday attacks
    • Yuval's Birthday attack (improved birthday attack with different conditions)
  • Reduced round attacks
    • Successful attacks on all SHA algorithms: SHA1, SHA-2, and Keccak ("parent" function of SHA-3)
  • Chosen Prefix attacks

As well as attacks that defeat the security provided by algorithms in application.

  • Length extension attacks
    • SHA-3 is invulnerable due to the concatenation of capacity during permutations of the Keccak sponge function.

I have excluded Brute force attacks (when not about finding collisions), including dictionary attacks, as well as rainbow tables since these are vulnerabilities created by something external to the algorithm itself.

DannyNiu: Great work done, but your question is a bit too broad. We can give you a summary of what each attack means for those algorithms, but everything else is beyond the capability of community members.
DannyNiu: And kelalaka makes a good point in the [comment of your previous question](https://crypto.stackexchange.com/questions/91692/what-are-the-different-ways-of-finding-collisions-in-sha#comment201585_91692) - "it is a research-type question". I would expect self-researchers to come to ask about specific instances of issues instead of asking for overall summaries.
kelalaka: @DannyNiu I feel more so, since the answer was an exact copy of the previous one. Circular scheme. Names
Gilles 'SO- stop being evil': SHA-{1,2} and SHA-3 have completely different designs. It doesn't make sense to study them together. What kind of answer do you expect to this question anyway that goes beyond what's in the Wikipedia articles?
Gilles 'SO- stop being evil': “have found many instances of successful collision attacks as well as methods” Read more carefully. All the successful attacks are on SHA-1 specifically.
Score:1

I agree with your list but I would also consider adding comments in terms of how detrimental these attacks are to the actual security of the algorithms in terms of application. For example, successful reduced round attacks are not as worrying as they might seem since every additional round of an algorithm provides exponential amounts of added security, meaning that "breaking" a 42 round SHA256 algorithm does not breach any of the security provided by the full-round SHA256.

Additionally, actually "breaking" an algorithm doesn't completely make it insecure in practice, since successful attacks often take up massive amounts of resources and time (breaking SHA1 took over 1.5 years and a collective of computers). So even if SHA1 is "insecure" it is still theoretically safe enough to use since it is infeasible to compute a collision in a reasonable amount of time and with a limited amount of resources.

Score:0

It might be worth noting the actual math behind the infeasibility of computing hash collisions in terms of preimage hashes too. It is one thing to find a collision where two hashes collide and another to find a hash that collides with a pre-existing hash. Security is actually measured in terms of bit length, so theoretically it would take 2^n computations to find a collision in an n-bit hashing algorithm. You can find more about ways of measuring security in hashing algorithms here.

bean_: It is also notable that in terms of "broken" hash functions the actual data used to break them were PDF files. Also in context, the limitations provided by passwords mean that even though SHA is used in password storage it will never be possible to create a collision there. It is impossible to find a collision of a SHA algorithm with less than a certain amount of data (I am unsure about the exact amount but surely more than 100MB of data or so).