Advertisement
Home / Series / BSides Las Vegas / Aired Order / Season 2014 / Episode 2

SHA-1 backdooring and exploitation

We've heard a lot about crypto backdoors recently (the flawed Dual_EC RNG, NIST curves and their fishy parameters, etc.). This talk presents new results on crypto backdooring, with the first published backdoor of its kind: a sabotaged version of SHA-1 that allows us to create exploitable collisions, such that we fully control the content of the colliding files: unlike theoretical "breaks" of SHA-1, our collision attacks are practical, although they use sophisticated differential attacks. We'll demonstrate PoCs of colliding binaries (MBR, COM), as well as compressed archives (RAR, 7zip) and JPEG images.

English
  • Originally Aired August 5, 2014
  • Created July 23, 2019 by
    Administrator admin
  • Modified July 23, 2019 by
    Administrator admin
Name Type Role
Jean-Philippe Aumasson Guest Star