Abstract: In 2005, several Chinese scholars published an attack on the security of the Secure Hash Algorithm (SHA-1). This white paper discusses that attack. The results show that although the collision resistance of SHA-1 is slightly weaker than originally assumed, the security of Maxim's SHA-1 memory devices is not affected. The company's SHA-1 memory devices (DS1963S, DS1961S, DS28CN01, DS28E01-100, and DS2432) therefore still provide low-cost, effective solutions for accessory/peripheral identification and for tamper-proof, authenticated memory applications.
Introduction
Maxim's SHA-1 memory devices provide a low-cost, efficient solution for accessory/peripheral identification and for tamper-proof, authenticated memory applications. These devices can be identified individually and are particularly suitable for applications that require protection against counterfeiting, such as high-volume consumables, high-value hardware, hardware license management, building access control, and vending machines.
Fundamentally, the usefulness of these devices depends on the robustness and security of the Secure Hash Algorithm, which was developed by the National Institute of Standards and Technology (NIST), specified in Federal Information Processing Standard 180-1 (FIPS PUB 180-1), and defined in ISO/IEC 10118-3. In 2005, several Chinese scholars published a paper describing an attack on the security of this algorithm (see Note 1). This article points out that although the security of certain applications using SHA-1 needs to be reevaluated, the security of Maxim's SHA-1 memory devices is not affected by this research.

Attacks Against the SHA-1 Digest
FIPS PUB 180-1 states that SHA-1 compresses data into a message digest in a secure manner. As defined in that document, the security of SHA-1 has two aspects: (1) it is computationally infeasible to derive the source message from a given message digest; (2) it is computationally infeasible to find two different messages that produce the same digest. The first property means that the SHA-1 result does not contain enough information to reconstruct the full input message (that is, the algorithm is irreversible); it also means that, knowing only the digest (output), finding a corresponding original message (input) takes enormous resources and time. The second property means that finding two distinct inputs with the same digest takes enormous resources and time (that is, the algorithm is collision resistant). This does not mean that no two messages share a digest, only that such pairs are difficult to find.
In theory, finding a collision (two messages with the same digest) requires up to 2^80 operations (see Note 2). The scholars' attack on SHA-1 shows that this number is reduced to only 2^69 operations. This discovery weakens the second property of SHA-1 described above, because it reduces the "computational infeasibility" by a factor of 2^11. It does not mean that finding two different messages with the same digest is now computationally feasible, only that it is slightly easier than with earlier techniques. Moreover, the researchers' discovery does not make it computationally feasible to recover, from a given digest, the original message that produced it, because the new attack depends on carefully choosing both input messages. The only way to attack this property of SHA-1 is to find a message that corresponds to a given digest, which need not be the original message. If the goal is to derive the original message, an exhaustive search of 2^160 operations is required.
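The gap between the two search costs can be seen on a scaled-down digest. The following is an added example, not part of the original white paper: it truncates SHA-1 to 16 bits (an assumption, so that both searches finish quickly) and counts the hashes needed to find any collision versus a message matching one given digest. The function names are hypothetical.

```python
import hashlib

def trunc_sha1(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(msg): a toy digest small enough to search."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - bits)

def find_collision(bits: int):
    """Birthday search: any two distinct inputs whose digests are equal."""
    seen = {}
    counter = 0
    while True:  # pigeonhole guarantees a hit within 2**bits + 1 inputs
        msg = b"c%d" % counter
        digest = trunc_sha1(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg
        counter += 1

def find_match(target: int, bits: int, max_tries: int):
    """Exhaustive search for some input that hashes to one given digest."""
    for counter in range(max_tries):
        msg = b"p%d" % counter
        if trunc_sha1(msg, bits) == target:
            return msg, counter + 1
    return None, max_tries

def compare(bits: int = 16) -> dict:
    # Constructed sample message; only its digest is handed to the search.
    target = trunc_sha1(b"original message (constructed sample)", bits)
    m1, m2, collision_hashes = find_collision(bits)
    match, match_hashes = find_match(target, bits, max_tries=1 << (bits + 4))
    return {"collision": (m1, m2), "collision_hashes": collision_hashes,
            "match": match, "match_hashes": match_hashes, "target": target}

if __name__ == "__main__":
    print(compare())
```

With a 16-bit digest the collision search typically stops after a few hundred hashes, while matching a fixed digest takes on the order of 2^16; the message it finds is not the original one.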
Although the second property of the SHA-1 algorithm is weakened by the Chinese scholars' research, there is no reason to suspect that the research has any effect on the first property. In general, therefore, SHA-1 is still irreversible, but its collision resistance is slightly weaker than assumed. Nevertheless, for applications that rely on digital signatures (such as time-stamped or notarized documents), the result is a wake-up call. Because much of the information in an application's input data is interrelated, it remains to be seen whether the Chinese scholars' attack is effective against specific applications.

Message Authentication Code
The security of Maxim's SHA-1 memory devices depends on the message authentication code (MAC) used in two-way data communication. To compute the MAC, a public string (consisting of memory contents, the device's unique serial number, a random challenge, and so on) is combined with a secret key as the input to the SHA-1 algorithm. The resulting digest (or hash) is called the MAC. Transmitting the MAC along with the message provides a secure way to prove knowledge of the key and to verify that the data has not been tampered with in transit. During a read operation, the SHA-1 memory device responds with a MAC, which proves that the device is authentic and that the host received the data correctly. During a write operation, the host supplies the MAC, which proves that it is authorized to modify the device's memory contents and that the device received the new memory contents correctly.
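The read-side exchange described above, as an added example that is not Maxim's code: a host sends a random challenge, the device answers with data plus a SHA-1 MAC, and the host recomputes and compares it. The field sizes (8-byte key, 32-byte page, 8-byte serial, 16-byte challenge), the field order, and the names `Device`, `compute_mac` and `host_verify` are assumptions chosen to give 64 secret plus 448 public bits; the devices' real input format is not given on this page.

```python
import hashlib
import hmac
import os

# Assumed field sizes: 8 + 32 + 8 + 16 bytes = 512 bits, 448 of them public.
KEY_LEN, PAGE_LEN, SERIAL_LEN, CHALLENGE_LEN = 8, 32, 8, 16

def compute_mac(secret: bytes, page: bytes, serial: bytes, challenge: bytes) -> bytes:
    """SHA-1 digest over the secret key followed by the public fields."""
    fields = ((secret, KEY_LEN), (page, PAGE_LEN),
              (serial, SERIAL_LEN), (challenge, CHALLENGE_LEN))
    for value, size in fields:
        if len(value) != size:  # fixed sizes keep field boundaries unambiguous
            raise ValueError("field has wrong length")
    # hashlib applies standard SHA-1 padding; the devices' exact block
    # format is not given on the page.
    return hashlib.sha1(secret + page + serial + challenge).digest()

class Device:
    """Hypothetical token holding a write-only secret and one memory page."""
    def __init__(self, secret: bytes, serial: bytes, page: bytes):
        self._secret, self.serial, self.page = secret, serial, page

    def read_authenticated(self, challenge: bytes):
        mac = compute_mac(self._secret, self.page, self.serial, challenge)
        return self.page, self.serial, mac

def host_verify(secret, challenge, page, serial, mac) -> bool:
    """Recompute the MAC from the host's key copy; compare in constant time."""
    return hmac.compare_digest(compute_mac(secret, page, serial, challenge), mac)

def demo() -> dict:
    secret = bytes.fromhex("0011223344556677")  # constructed sample key
    genuine = Device(secret, b"SERIAL01", b"A" * PAGE_LEN)
    clone = Device(b"\x00" * KEY_LEN, b"SERIAL01", b"A" * PAGE_LEN)
    c1, c2 = os.urandom(CHALLENGE_LEN), os.urandom(CHALLENGE_LEN)
    page, serial, mac = genuine.read_authenticated(c1)
    tampered = b"B" + page[1:]  # one byte altered in transit
    return {
        "genuine": host_verify(secret, c1, page, serial, mac),
        "tampered_data": host_verify(secret, c1, tampered, serial, mac),
        "replayed_response": host_verify(secret, c2, page, serial, mac),
        "clone_without_key": host_verify(secret, c1, *clone.read_authenticated(c1)),
    }

if __name__ == "__main__":
    print(demo())
```

Only the genuine response verifies; altered data, a response replayed against a fresh challenge, and a device without the key are all rejected.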
A successful attack on a MAC-based security system means finding the key. For most existing SHA-1 memory devices, the key is 64 bits long and is write-only (devices with a new, longer key will be introduced soon). The attacker sends a challenge to the device, reads the MAC that the device generates, and then searches exhaustively over all 64 key bits until a matching MAC is found. This process requires 2^64 SHA-1 operations, which would take a 64-CPU Cray X1 supercomputer more than ten years (see Note 3).
Finding a message that matches a given digest requires 2^160 operations (far more than the 2^64 operations required to find the key). Since the input length is fixed at 512 bits, 448 of which are known public data, the most direct approach is to find the correct value of the remaining 64 bits (i.e., the key). As long as the original message cannot be derived backward from a given digest, there is no more effective attack than an exhaustive key search.
Note: Although the 2^64 operations needed to find the secret key are fewer than the 2^69 operations required to find a pair of colliding messages, the two attacks are not comparable. Even if researchers found a SHA-1 collision within 2^50 operations, finding the key would still require 2^64 SHA-1 operations. Although the new attack is a new way of finding a collision between some two input messages, it cannot be used to find a collision for one particular input message, because the input messages have to be chosen carefully.

Conclusion
Documents describing attacks on systems that use SHA-1 memory devices have been published (see White Paper 3: Why are SHA-1 Devices Secure?). However, using the publicly readable MAC to discover the hidden key is the only known attack method. The SHA-1 algorithm as defined has two security properties: collision resistance and irreversibility. The attack proposed by the Chinese scholars in 2005 shows that the collision resistance of SHA-1 is only slightly weaker than assumed, and the attack does not affect the security of Maxim's SHA-1 memory devices.

Notes
Note 1: X. Wang, Y. L. Yin, and H. Yu, "Finding Collisions in the Full SHA-1," Advances in Cryptology, Crypto '05.
Note 2: According to the "birthday paradox," finding a collision in SHA-1 requires up to 2^80 operations. In essence, to match any two n-bit outputs with very high probability, only 2^(n/2) elements need to be considered, not 2^n. This is a well-known property of all hash functions and is determined only by the number of output bits.
Note 3: The SHA-1 algorithm requires approximately 1,740 basic arithmetic operations to process one message block. Assuming an additional 20% overhead for other operations, fully executing the algorithm takes 2100 clock cycles.
A Cray X1 supercomputer with 64 CPUs (the largest single-cabinet Cray computer as of 2005) would have to run continuously for 12.4 years at its peak computing power of 81.9 billion floating-point operations per second to generate a complete lookup table. Even the most powerful advertised Cray X1 configuration (with 64 cabinets) would take two months. Computation on this scale makes the cost of such an attack prohibitive.