[SC-L] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
Awesome.

---

http://en.epochtimes.com/tools/printer.asp?id=50336

The Epoch Times

Chinese Professor Cracks Fifth Data Security Algorithm
SHA-1 added to list of accomplishments

Central News Agency
Jan 11, 2007

Associate professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong University of Technology has cracked SHA-1, a widely used data security algorithm. (Daniel Berehulak/Getty Images)

TAIPEI - Within four years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) for digital signatures, and convert to a new and more advanced hash algorithm, according to the article "Security Cracked!" from New Scientist. The reason for this change is that associate professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1.

Wang also cracked MD5 (Message Digest 5), the hash algorithm most commonly used before SHA-1 became popular. Previous attacks on MD5 required over a million years of supercomputer time, but Wang and her research team obtained results using ordinary personal computers.

In early 2005, Wang and her research team announced that they had succeeded in cracking SHA-1. In addition to the U.S. government, well-known companies like Microsoft, Sun, Atmel, and others have also announced that they will no longer be using SHA-1.

Two years ago, Wang announced at an international data security conference that her team had successfully cracked four well-known hash algorithms (MD5, HAVAL-128, MD4, and RIPEMD) within ten years. A few months later, she cracked the even more robust SHA-1.

Focus and Dedication

According to the article, Wang's research focusses on hash algorithms. A hash algorithm is a mathematical procedure for deriving a 'fingerprint' of a block of data.
The hash algorithms used in cryptography are one-way: it is easy to derive hash values from inputs, but very difficult to work backwards, finding an input message that yields a given hash value. Cryptographic hash algorithms are also resistant to collisions: that is, it is computationally infeasible to find any two messages that yield the same hash value. Hash algorithms' usefulness in data security relies on these properties, and much research focusses in this area.

Recent years have seen a stream of ever-more-refined attacks on MD5 and SHA-1, including, notably, Wang's team's results on SHA-1, which permit finding collisions in SHA-1 about 2,000 times more quickly than brute-force guessing. Wang's technique makes attacking SHA-1 efficient enough to be feasible.

MD5 and SHA-1 are the two most extensively used hash algorithms in the world. These two algorithms underpin many digital signature and other security schemes in use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security.

According to the article, in the early stages of Wang's research, there were other researchers who tried to crack it. However, none of them succeeded. This is why in 15 years hash research had become the domain of hopeless research in many scientists' minds.

Wang's method of cracking algorithms differs from others'. Although such analysis usually cannot be done without the use of computers, according to Wang, the computer only assisted in cracking the algorithm. Most of the time, she calculated manually, and manually designed the methods.

"Hackers crack passwords with bad intentions," Wang said. "I hope efforts to protect against password theft will benefit [from this]." Password analysts work to evaluate the security of data encryption and to search for even more secure algorithms.

"On the day that I cracked SHA-1," she added, "I went out to eat. I was very excited.
I knew I was the only person who knew this world-class secret."

Within ten years, Wang cracked the five biggest names in cryptographic hash algorithms. Many people would think the life of this scientist must be monotonous, but "That ten years was a very relaxed time for me," she says. During her work, she bore a daughter and cultivated a balcony full of flowers. The only mathematics-related habit in her life is that she remembers the license plates of taxi cabs.

With additional reporting by The Epoch Times.

--
mike
00110001 3 00110111

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
___
[SC-L] statical analysis tools: language supports...
Hi guys,

I have a question about source-code static analysis tools that are available on the market now. Are there tools that support C/C++, Java, PHP, Flash (ActionScript) all in one? Most of the tools support C/C++ and Java, but I have not found any that can also handle PHP. Do you know some? Or have some information that some tool provider has a plan for supporting PHP. And Flash.

Indrek Saar.
Re: [SC-L] Economics of Software Vulnerabilities
Kevin,

I would love to see open source communities embrace secure coding practices with stronger assistance from software vendors in this space. This of course requires going beyond audit capability and figuring out ways to get the tools into developers' hands. As a contributor to open source projects, I struggle with introducing security as I already contribute my time with the support/blessing of my significant other, but she wouldn't let me spend hard cash on tools for contributing to open source. I wish there was a better answer for us all in this seat.

Generally speaking, many of my peers outside of work contribute to open source with the rationale that it is a safer place from a political perspective to try things out, kinda like a POC where the outcome doesn't have to be successful and it won't show up on your annual review. Lately, I haven't figured out how to reduce my own exposure...

-Original Message-
From: Wall, Kevin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 20, 2007 9:16 PM
To: McGovern, James F (HTSC, IT)
Cc: sc-l@securecoding.org
Subject: RE: [SC-L] Economics of Software Vulnerabilities

James McGovern apparently wrote...

The uprising from customers may already be starting. It is called open source. The real question is what is the duty of others on this forum to make sure that newly created software doesn't suffer from the same problems as the commercial closed source stuff...

While I agree that the FOSS movement is an uprising, it:
1) it's being pushed by customers so much as IT developers
2) the uprising isn't so much as being an outcry against security as it is against not being able to have the desired features implemented in a manner desired.

At least that's how I see it. With rare exceptions, in general, I do not find that the open source community is that much more security conscious than those producing closed source.
Certainly this seems true if measured in terms of vulnerabilities and we measure across the board (e.g., take a random sampling from SourceForge) and not just our favorite security-related applications.

Where I _do_ see a remarkable difference is that the open source community seems to be in general much faster in getting security patches out once they are informed of a vulnerability. I suspect that this has to do as much with the lack of bureaucracy in open source projects as it does the fear of loss of reputation to their open source colleagues. However, this is just my gut feeling, so your gut feeling may differ. (But my 'gut' is probably bigger than yours, so feeling prevails. ;-)

Does anyone have any hard evidence to back up this intuition? I thought that Ross Anderson had done some research along those lines.

-kevin
---
Kevin W. Wall
Qwest Information Technology, Inc.
[EMAIL PROTECTED]
Phone: 614.215.4788
"It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration" - Edsger Dijkstra, "How do we tell truths that matter?"
http://www.cs.utexas.edu/~EWD/transcriptions/EWD04xx/EWD498.html
Re: [SC-L] statical analysis tools: language supports...
RATS will do PHP as well; there is a plugin for Eclipse that will do static analysis on PHP code which is called Pixy. The next step would be to investigate some of the tools from SPI Dynamics; a few of them are black-box, but if you combine some black-box testing with some static analysis, add some fuzzing with Paros Proxy or JBrofuzz (both from OWASP), you should see some success.

The other thing to consider is some of the settings in the .ini file; configuration in PHP speaks volumes about security: kill register_globals, check the magic_quotes value, etc. Be aware that calls to include() have to be 100% correctly sanitized or you are asking for local|remote file includes, etc. ad nauseam.

Anyways, hopefully this points you in the right direction.

JS

_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Indrek Saar
Sent: Wednesday, March 21, 2007 4:49 AM
To: Secure Coding
Subject: [SC-L] statical analysis tools: language supports...

Hi guys,

I have a question about source-code static analysis tools that are available on the market now. Are there tools that support C/C++, Java, PHP, Flash (ActionScript) all in one? Most of the tools support C/C++ and Java, but I have not found any that can also handle PHP. Do you know some? Or have some information that some tool provider has a plan for supporting PHP. And Flash.

Indrek Saar.
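The configuration review the post above recommends (kill register_globals, check the magic_quotes value, and watch the include() exposure behind local and remote file includes), as an added example in Python. This is not a tool from the post, from OWASP or from any vendor named on the list: it parses a php.ini fragment, which is constructed here, against a small hypothetical policy. register_globals is the directive the post names; allow_url_include (the directive that lets include() and require() load code over a URL) and display_errors are my additions, and magic_quotes_gpc is only reported for review, as the post says to "check" it rather than judging it. The DEFAULTS table holds the values PHP applies when a directive is absent, so an omitted line is judged by its built-in default rather than flagged blindly.

```python
# Constructed sample php.ini fragment (not from any real host), in the shape
# PHP's ini parser accepts: ';' starts a comment, [Name] opens a section.
SAMPLE_INI = """
; constructed example
[PHP]
register_globals = On
magic_quotes_gpc = On
allow_url_fopen = On
allow_url_include = On
display_errors = Off
"""

# Hypothetical policy: directive -> (required value, why it matters).
POLICY = {
    "register_globals": ("off", "request parameters become global variables"),
    "allow_url_include": ("off", "include()/require() may load code over http/ftp"),
    "display_errors": ("off", "error output leaks paths and internals to users"),
}

# Directives whose value is reported for review rather than judged.
REPORT_ONLY = {
    "magic_quotes_gpc": "legacy auto-escaping; not a substitute for proper escaping",
}

# Built-in PHP defaults used when the directive is absent from php.ini.
DEFAULTS = {"register_globals": "off", "allow_url_include": "off", "display_errors": "on"}

TRUE_WORDS = {"1", "on", "true", "yes"}
FALSE_WORDS = {"0", "off", "false", "no", "none", ""}


def normalize(value):
    """Map PHP's boolean spellings (On/1/true/yes, Off/0/false/no/empty) to 'on'/'off'."""
    v = value.strip().strip('"').strip("'").lower()
    if v in TRUE_WORDS:
        return "on"
    if v in FALSE_WORDS:
        return "off"
    return v


def parse_php_ini(text):
    """Return {directive: normalized value}; later lines override earlier ones,
    as in PHP. Comments after ';' and [section] headers are dropped (values that
    themselves contain ';' are not supported by this toy parser)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = normalize(value)
    return settings


def audit_php_ini(text):
    """Return findings as (directive, actual, required, reason) tuples, in policy order."""
    settings = parse_php_ini(text)
    findings = []
    for directive, (required, why) in POLICY.items():
        actual = settings.get(directive, DEFAULTS.get(directive, "unset"))
        if actual != required:
            findings.append((directive, actual, required, why))
    for directive, note in REPORT_ONLY.items():
        if directive in settings:
            findings.append((directive, settings[directive], "review", note))
    return findings


if __name__ == "__main__":
    for directive, actual, required, why in audit_php_ini(SAMPLE_INI):
        print(f"{directive}: is '{actual}', wanted '{required}' ({why})")
```

On the constructed fragment this reports register_globals and allow_url_include as On, and lists magic_quotes_gpc for review; the same audit on a file that only sets register_globals = Off still reports display_errors, because PHP's built-in default for it is on.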
Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
Cracking a hash would [...]. There are an infinite number of messages that all hash to the same value.

Yes, but there's no guarantee that this is true of any particular hash value, such as the one you're interested in, only that there exists at least one hash value that it's true of. (At least, for hash functions in general. A *good* hash function will of course have this property for all hash values. I don't know whether SHA-1 is good in this respect, though I would expect it is.)

Okay, nitpicky-mathematician mode off :-)

/~\ The ASCII                der Mouse
\ / Ribbon Campaign
 X  Against HTML             [EMAIL PROTECTED]
/ \ Email!    7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
Re: [SC-L] statical analysis tools: language supports...
Hi,

Correction: Paros Proxy is owned and copyrighted by Chinotec Technologies Co. OWASP provides another useful tool: WebScarab (http://www.owasp.org/index.php/OWASP_WebScarab_Project)

If you look for PHP security resources, http://www.owasp.org/index.php/Category:OWASP_PHP_Project can also be of help.

Regards,
Sebastien
Belgium OWASP Chapter Leader

_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J. M. Seitz
Sent: Wednesday 21 March 2007 17:03
To: 'Indrek Saar'; 'Secure Coding'
Subject: Re: [SC-L] statical analysis tools: language supports...

RATS will do PHP as well; there is a plugin for Eclipse that will do static analysis on PHP code which is called Pixy. The next step would be to investigate some of the tools from SPI Dynamics; a few of them are black-box, but if you combine some black-box testing with some static analysis, add some fuzzing with Paros Proxy or JBrofuzz (both from OWASP), you should see some success.

The other thing to consider is some of the settings in the .ini file; configuration in PHP speaks volumes about security: kill register_globals, check the magic_quotes value, etc. Be aware that calls to include() have to be 100% correctly sanitized or you are asking for local|remote file includes, etc. ad nauseam.

Anyways, hopefully this points you in the right direction.

JS

_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Indrek Saar
Sent: Wednesday, March 21, 2007 4:49 AM
To: Secure Coding
Subject: [SC-L] statical analysis tools: language supports...

Hi guys,

I have a question about source-code static analysis tools that are available on the market now. Are there tools that support C/C++, Java, PHP, Flash (ActionScript) all in one? Most of the tools support C/C++ and Java, but I have not found any that can also handle PHP. Do you know some? Or have some information that some tool provider has a plan for supporting PHP. And Flash.

Indrek Saar.
Re: [SC-L] Economics of Software Vulnerabilities
Spot on thread, Ed:

On 3/20/07, Ed Reed [EMAIL PROTECTED] wrote:

Not all of these are consumer uprisings - some are, some aren't - but I think they're all examples of the kinds of economic adjustments that occur in mature markets.
- Unsafe at any speed (the triumph of consumer safety over industrial laziness)
- Underwriter Laboratories (the triumph of the fire insurance industry over shoddy electrical manufacturers)
- VHS (vs BetaMax - the triumph of content over technology)

This is ironic to me; I wrote a paper for management types, an upper tactical to strategic level view of the software security problem. In its current incarnation it is called "Unsafe at Any Speed". Besides a layman's breakdown of the fundamental issues, (a) implementation issues almost entirely falling under the inability to enforce data/function boundaries in modern implementation level languages or platforms, and (b) functional issues which are design/workflow, or emergent behavior related, the important point I stress is that there really hasn't been a Whistle-Blower Phase in the software industry concerning security.

Today, vague arguments about plane crashes aside, there is little to no hard evidence tying software defects with security implications to loss of human life. And that's the kicker: dollars to DNA, it's death that sells.

I also argue that we are killing the Canaries in the Coal Mine. The script kiddies, the guys writing the little payload-less worms, the kid who wrote the Sammy virus, they are scared to touch systems now. These were the Canaries down there in our software coal mines. SQL Slammer, Witty worm, though no payload, caused negative impact, but there were no charges for these. The charges are always some token young guy for some relatively benign worm. MySpace slows down and we prosecute a young kid with above-average problem solving skills. I used to call these worms that slowed things down "free pen tests", later "canaries". They had a real (positive) value to us, and we've killed that value without replacing it with something better.

I experienced a rising of vendor animosity and threats in the two years, a reversing of trend back to the good old days, coupled with work constraints restricting full disclosure options. What made this worse (to me, ethically) is that many of these vendors were advertising security to their clients, from an image of a Safe on the website with a list of security features, to announcements proclaiming the security of the system displayed to users after they log in. None of these systems were measurably secure in any fashion I could detect, not even to usual suspects (SQLi, XSS, Insufficient Authorization/Workflow bypass, etc. etc.). I got the feeling things were getting worse. That or I hit some weird biased sample of ISVs.

I think you are on to something here in how to think about this subject. Perhaps I should float my little paper out there and we could shape up something worthwhile describing how the industry is evolving today.

I have been peacefully quiet since I quit my old job, ignoring the security lists and industry and haven't poked the bear err trolled any of the usual suspects lately. Looks like I've been missing out on some good dialogue; thank you, this was very helpful,

Arian J. Evans
Solipsistic Software Security Sophist at Large
Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
3APA3A wrote:

First, by reading 'crack' I thought lady can recover full message by its signature. After careful reading she can bruteforce collisions 2000 times faster.

Cracking a hash would never mean recovering the full original message, except for possibly messages that were smaller than the number of bits in the hash value. There are an infinite number of messages that all hash to the same value. The best crack you can have for a hash is to be able to collide with an existing hash value and be able to choose most of the message contents.

BB
Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
3APA3A wrote:

I know the meaning of the 'hash function' term; I wrote a few articles on challenge-response authentication and I did a few hash function implementations for hashtables and authentication in FreeRADIUS and 3proxy. Can I claim my right for sarcasm after calling the ability to bruteforce a 160-bit hash 2000 times faster 'a crack'?

Fair enough, your sarcasm tags didn't render properly in my MUA. I was fooled by you stating that the birthday attack would be 150 bits.

BB
Re: [SC-L] Economics of Software Vulnerabilities
On Wed, 21 Mar 2007, mudge wrote:

Sorry, but I couldn't help but be reminded of an old L0pht topic that we brought up in January of 1999. Having just re-read it I found it still relatively poignant: Cyberspace Underwriters Laboratories[1].

I was thinking about this, too; I should have remembered it in earlier comments. The fact that such a thing has NOT come to fruition seems to be symptomatic of the industry, although there have been some partnerships between commercial and non-commercial entities (e.g. Fortify and the Java Open Review).

- Steve
Re: [SC-L] Economics of Software Vulnerabilities
I was originally going to say this off-list, but it's not that big a deal.

Arian J. Evans said:

I think you are on to something here in how to think about this subject. Perhaps I should float my little paper out there and we could shape up something worthwhile describing how the industry is evolving today.

I've been wanting to do something along these lines but don't have much time. I'll gladly review it or provide suggestions. I have a draft on current disclosure practices that includes the diversity of researchers and the role of vulnerability information providers.

- Steve
Re: [SC-L] Economics of Software Vulnerabilities
On Mar 21, 2007, at 3:57 PM, Arian J. Evans wrote:

Spot on thread, Ed:

On 3/20/07, Ed Reed [EMAIL PROTECTED] wrote:

Not all of these are consumer uprisings - some are, some aren't - but I think they're all examples of the kinds of economic adjustments that occur in mature markets.
Unsafe at any speed (the triumph of consumer safety over industrial laziness)
Underwriter Laboratories (the triumph of the fire insurance industry over shoddy electrical manufacturers)
VHS (vs BetaMax - the triumph of content over technology)

Sorry, but I couldn't help but be reminded of an old L0pht topic that we brought up in January of 1999. Having just re-read it I found it still relatively poignant: Cyberspace Underwriters Laboratories[1].

It seems to me that a lot of what was of concern then is still of concern now and without great headway being made over these last 8 years. Some notable items (warning, these are subjective and broad-stroked) have been the commercial world eschewing TCSEC / Common Criteria[2], FIPS 140 being useful for some relatively niche areas and focusing on only portions of a device/component/code, and Trusted Computing really veering away from trusted computing platforms and codebases for classical security compartmentalization and instead focusing on DRM[3].

Just thinking out loud.

cheers,
.mudge

[1] http://packetstormsecurity.org/docs/infosec/cyberul.html
[2] often times due to requiring frameworks and configuration capabilities that end up not being used or too complicated for many people to customize.
[3] back to the thread topic somewhat... being economics based.
Re: [SC-L] [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)
My understanding is that the kind of birthday attack under discussion would start at 80 bits if SHA-1 (at 160 bits) were 100% secure. The attack under discussion is reported to reduce that to the neighborhood of 60-something bits. I am not a mathematician though, so I would be perfectly willing to believe I was wrong about that.

BB

3APA3A wrote:

Dear Blue Boar,

It's not clear if this 'crack' can be applied to birthday attack. My in-mind computations were: because birthday attack requires ~square root of N computations where bruteforce requires ~N/2, impact of 2000 times N decrease for birthday is ~64 times faster. 64 = 2^6. Because complexity is ~square root of possible combinations, it's equivalent of traditional birthday attack with 160-(2*6)=148 bits hash (150 is my mistake in in-mind computations).

Of course, since I completely wasted 10 years after obtaining Master degree in Mathematics and 3 years after losing last pencil I may be completely wrong in computations :)

--Wednesday, March 21, 2007, 9:48:55 PM, you wrote to [EMAIL PROTECTED]:

BB 3APA3A wrote:
BB I know the meaning of the 'hash function' term; I wrote a few articles on challenge-response authentication and I did a few hash function implementations for hashtables and authentication in FreeRADIUS and 3proxy. Can I claim my right for sarcasm after calling the ability to bruteforce a 160-bit hash 2000 times faster 'a crack'?
BB Fair enough, your sarcasm tags didn't render properly in my MUA. I was
BB fooled by you stating that the birthday attack would be 150 bits.
BB
BB
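The birthday-bound arithmetic the posters above work through in their heads, as an added worked example in Python; it is not code from anyone on the list or from Wang's team. The three helpers assume, as Blue Boar's reading does, that the reported factor of 2,000 applies to the collision search itself, i.e. to the 2^80 birthday bound of an ideal 160-bit hash, and express the result both as remaining collision work and as the size of an ideal hash with the same bound. The second half runs a plain, structure-free birthday search against SHA-1 truncated to 24 or 32 bits: a constructed toy that only makes the square-root cost observable on a laptop and says nothing about full SHA-1 (the colliding messages still have different full digests). All function names are mine.

```python
import hashlib
import math


def generic_collision_bits(hash_bits):
    """Work, in bits, of a generic birthday collision search: sqrt(2^n) = 2^(n/2)."""
    return hash_bits / 2


def collision_bits_after_speedup(hash_bits, speedup):
    """Collision work left once an attack beats the birthday bound by `speedup`.
    Assumption: the speedup applies to the sqrt(N) search, not to N itself."""
    return hash_bits / 2 - math.log2(speedup)


def equivalent_hash_bits(hash_bits, speedup):
    """Size of an ideal hash whose birthday bound equals the attacked collision cost."""
    return 2 * collision_bits_after_speedup(hash_bits, speedup)


def truncated_sha1(data, bits):
    """Leading `bits` bits of SHA-1(data) as an int; a toy reduced-size hash
    chosen only so that a birthday search finishes in seconds."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def birthday_collision(bits, seed=b"constructed-seed-"):
    """Structure-free birthday search on the truncated hash.
    Messages are a constructed seed plus a counter, so every message is distinct
    and any repeated hash is a genuine collision. Returns (msg1, msg2, trials);
    trials is expected to be around sqrt(pi/2 * 2^bits)."""
    seen = {}
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")
        counter += 1
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, counter
        seen[h] = msg


if __name__ == "__main__":
    for speedup in (2000, 2 ** 11):
        print(f"160-bit hash, collision search {speedup}x faster than birthday: "
              f"~2^{collision_bits_after_speedup(160, speedup):.1f} work, "
              f"like an ideal {equivalent_hash_bits(160, speedup):.0f}-bit hash")
    bits = 32
    m1, m2, trials = birthday_collision(bits)
    print(f"{bits}-bit truncated SHA-1: collision after {trials} trials "
          f"(birthday estimate ~{int(math.sqrt(math.pi / 2 * 2 ** bits))})")
    print("full SHA-1 digests differ:", hashlib.sha1(m1).digest() != hashlib.sha1(m2).digest())
```

With the factor taken as 2^11 (2048, close to the reported 2,000), the arithmetic gives 80 - 11 = 69 bits of collision work, which is the "60-something bits" above, and an equivalent ideal hash of 138 bits; applying the same factor to N rather than to sqrt(N), as the other reading does, halves the bit loss, which is where the two posters' figures diverge. The truncated search typically needs on the order of 80,000 trials at 32 bits, against 2^32 for an exhaustive scan, which is the square-root effect the thread is arguing about.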