BSidesLV: SHA-1 backdooring and exploitation

Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV

SHA-1 backdooring and exploitation

We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that allows us to create exploitable collisions, such that we fully control the content of the colliding files: unlike theoretical "breaks" of SHA-1, our collision attacks are practical, although they use sophisticated differential attacks. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.

Speakers

Jean-Philippe Aumasson

Principal Research Engineer, Kudelski Security

Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He obtained his PhD in cryptography from EPFL in 2010. JP designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He presented at Black... Read More →

Tuesday August 5, 2014 11:00 - 11:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

Common Ground

BSidesLV

Jean-Philippe Aumasson

Attendees (0)

Recently Active Participants

BSidesLV

Sign up or log in to save this to your schedule and see who's attending!

Jean-Philippe Aumasson

Attendees (0)

Recently Active Participants