Cryptographic Algorithms and Hash Collisions Overview


Explore the world of cryptographic algorithms and hash collisions. Learn about various hashing algorithms like MD5, SHA-1, SHA-256, and more. Dive into the concepts of symmetric and asymmetric key algorithms and understand the risks associated with hash collisions. Discover the implications of post-signing collisions and chosen-prefix collisions in the realm of cybersecurity.


Uploaded on Sep 28, 2024



Presentation Transcript


  1. GOPAS TECHED 2012 Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com | PKI DESIGN

  2. PKI Design ALGORITHMS

  3. Cryptographic Algorithms
     Hash algorithms (no keys): MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512
     Symmetric key algorithms (secret key): RC4, DES, 3-DES, AES
     Asymmetric key algorithms (public and private key): RSA, DH, EC

  4. PKI Design THOUGHTS ON HASHING

  5. Hash example (not good)
     Sum alphabet letter positions: HELLO = 8 + 5 + 12 + 12 + 15 = 52
     Can obtain arbitrary clear-text (collision) without brute-forcing
     Several similar clear-texts lead to similar output

  6. Hash collisions
     Pure arithmetic collisions: limited exploitability
     Post-signing collisions
     Chosen-prefix collisions

  7. Post-signing collision
     Name: Ondrej          | Name: Ondrej
     Owes: 100 $           | Owes: 1 000 000 $
     To: Kamil             | To: Kamil
                           | Trash: XX349%$@#BB...
     Hash: 14EEDA49C1B7    | Hash: 14EEDA49C1B7
     Signature: 3911BA85   | Signature: 3911BA85

  8. Chosen-prefix collision
     Serial #: 325         | Serial #: 325
     CN: www.idtt.com      | CN: www.microsoft.com
     Valid: 2010           | Valid: 2010
     Public: 35B87AA11...  | Public: 4E9618C9D...
     Hash: 24ECDA49C1B7    | Hash: 24ECDA49C1B7
     Signature: 5919BA85   | Signature: 5919BA85

  9. MD5 problems
     Pure arithmetic in 2^112 evaluations
     Post-signing collisions suspected
     Chosen-prefix collisions
     Practically proved for certificates with predictable serial numbers 2^50

  10. SHA-1 problems
      General brute-force attack at 2^80, comparable to a complex password of about 12 characters
      Some collisions found at 2^63: pure arithmetic collisions, no exploitation proved
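
Added example, not part of the original presentation: the toy hash from slide 5 in Python, showing that a text for any hash value can be built directly and that filler makes an altered document collide with a signed one, as on slide 7. The function names, the sample documents and the rule that non-letters count as zero are assumptions made for this illustration.

```python
import hashlib

def letter_sum_hash(text: str) -> int:
    """Toy hash from slide 5: sum of alphabet positions, A=1 ... Z=26.
    Assumption: digits, spaces and punctuation contribute 0."""
    return sum(ord(c) - 64 for c in text.upper() if "A" <= c <= "Z")

def letters_for(total: int) -> str:
    """Build, with no search at all, letters whose toy hash is exactly `total`."""
    if total < 0:
        raise ValueError("letters only add to the sum; it cannot be lowered")
    full, rest = divmod(total, 26)
    return "Z" * full + (chr(64 + rest) if rest else "")

def pad_to_collide(signed_doc: str, altered_doc: str) -> str:
    """Append filler so altered_doc has the same toy hash as signed_doc."""
    gap = letter_sum_hash(signed_doc) - letter_sum_hash(altered_doc)
    return altered_doc + "\n" + letters_for(gap)

def sha256_hex(text: str) -> str:
    """SHA-256 digest of the text, for contrast with the toy hash."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def differing_hex_digits(a: str, b: str) -> int:
    """Count positions where two equal-length hex digests differ."""
    return sum(x != y for x, y in zip(a, b))

# Constructed sample documents modelled on slide 7; the amounts are spelled
# out so that they affect the letter sum.
SIGNED = "Name: Ondrej\nOwes: thousand\nTo: Kamil"
ALTERED = "Name: Ondrej\nOwes: ten\nTo: Kamil"

if __name__ == "__main__":
    padded = pad_to_collide(SIGNED, ALTERED)
    # Same toy hash, so a signature over that hash covers both documents.
    print("toy hash signed :", letter_sum_hash(SIGNED))
    print("toy hash altered:", letter_sum_hash(padded))
    # Similar inputs give similar toy hashes but unrelated SHA-256 digests.
    print("HELLO vs HELLP toy:", letter_sum_hash("HELLO"), letter_sum_hash("HELLP"))
    print("HELLO vs HELLP SHA-256 digits differing:",
          differing_hex_digits(sha256_hex("HELLO"), sha256_hex("HELLP")), "of 64")
    print("SHA-256 still equal?", sha256_hex(SIGNED) == sha256_hex(padded))
```
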

  11. PKI Design ALGORITHM COMBINATIONS

  12. Performance considerations
      Asymmetric algorithms use large keys; EC is about 10 times smaller
      Encryption/decryption time about 100x longer; symmetric is faster

  13. Digital Signature (not good) Document Document Private key

  14. Digital Signature Document Hash Private key

  15. Storage Encryption (slow) Document Public key

  16. Storage Encryption Document Symmetric encryption key (random) Symmetric key Public key (User A)

  17. Storage Encryption Document Symmetric encryption key (random) Symmetric key Symmetric key Public key (User A) Public key (User B)

  18. Transport encryption Public key Server Client Symmetric Key Public key Data Symmetric Key

  19. PKI Design FUN WITH RANDOM NUMBERS

  20. Random Number Generators
      Deterministic RNG: use cryptographic algorithms and keys to generate random bits
        attack on randomly generated symmetric keys
        DNS cache poisoning
      Nondeterministic RNG (true RNG): use physical source that is outside human control
        smart cards, tokens
        HSM (hardware security modules)

  21. Random Number Generators CryptGenRandom() hashed Vista+ AES (NIST 800-900) 2003-DSS (FIPS 186-2) Entropy from system time, process id, thread id, tick counter, virtual/physical memory performance counters of the process and system, free disk clusters, user environment, context switches, exception count,

  22. PKI Design STANDARDS

  23. US standards
      FIPS (Federal Information Processing Standards): provides standard algorithms
      NIST (National Institute for Standards and Technology): approves the algorithms for US government non-classified but sensitive use; latest NIST SP800-57, March 2007
      NSA (National Security Agency): Suite-B for Secure and Top Secure (2005)

  24. Cryptoperiods (SP800-57)
      Key | Cryptoperiod
      Private signature | 1-3 years
      Public signature verification | >3 years
      Symmetric authentication | <= 5 years
      Private authentication | 1-2 years
      Symmetric data encryption | <= 5 years
      Public key transport key | 1-2 years
      Private/public key agreement key | 1-2 years

  25. Comparable Algorithm Strengths (SP800-57)
      Strength | Symmetric | RSA | ECDSA | SHA
      80 bit | 2TDEA | RSA 1024 | ECDSA 160 | SHA-1
      112 bit | 3TDEA | RSA 2048 | ECDSA 224 | SHA-224
      128 bit | AES-128 | RSA 3072 | ECDSA 256 | SHA-256
      192 bit | AES-192 | RSA 7680 | ECDSA 384 | SHA-384
      256 bit | AES-256 | RSA 15360 | ECDSA 512 | SHA-512

  26. Security lifetimes (SP800-57 and Suite-B) Lifetime Strength Level 2010 80 bit US Confidential 112 bit US Confidential 2030 128 bit US Secure 192 bit US Top-Secure Beyond 2030 128 bit US Confidential

  27. NSA Suite-B Algorithms
      NSA publicly published algorithms (2005), as against Suite-A which is private
      Secret: AES-128, ECDH-256, ECDSA-256, SHA-256
      Top Secret: AES-256, ECDH-384, ECDSA-384, SHA-384

  28. PKI Design OPERATING SYSTEM SUPPORT

  29. Cryptographic Providers
      Cryptographic Service Provider (CSP): Windows 2000+; can use only V1 and V2 templates
      Cryptography Next Generation (CNG): Windows Vista+; require V3 templates; enables use of ECC
      CERTUTIL -CSPLIST

  30. Cryptographic Providers
      Type | Operating System | Algos | Template
      CSP | Windows 2000, Windows 2003 | AES, SHA-1, RSA | v1, v2
      CSP | Windows XP SP3, Windows 2003 KB938397 | AES, SHA-1, RSA, SHA-2 | v1, v2
      CNG | Windows Vista | AES, SHA-1, RSA, SHA-2, EC | v3

  31. SHA-2 Support Windows XP Windows 2003 + KB 938397 Windows Phone 7 AD CS on Windows 2008+ Autoenrollment on XP with KB TMG 2010 with KB in the future

  32. Cryptography support System DES 3DES RC2 RC4 AES 128 AES 192 AES 256 MD2 MD5 HMAC SHA-1 SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows 2000 yes no yes yes no no Windows XP yes yes yes yes yes no Windows 2003 yes yes yes yes non-public update yes no Windows Vista/2008 yes yes yes yes yes yes Windows 7/2008 R2 yes yes yes yes yes yes

  33. Cryptography support System DES 3DES RC2 RC4 AES 128 AES 192 AES 256 MD2 MD5 HMAC SHA-1 SHA-256 SHA-384 SHA-512 ECDSA ECDH Windows Mobile 6.5 yes yes yes yes no no Windows Mobile 7 yes yes yes yes yes yes TMG 2010 yes yes no SCCM 2007 yes no no SCOM 2007 yes yes no

  34. Encryption EFS BitLocker IPSec Kerberos NTLM RDP LM password hash, NTLM DES 2000 + 2000 + 2000 + 3DES 2000 + 2000 + 2000 + RC4 2000 + 2000 + AES 2003 + Vista + Vista + Vista + DH 2000 + 2000 + RSA 2000 + Seven + 2000 + 2000 + 2003 + ECC Seven + Vista + Seven +

  35. Hashing MD4 MD5 SHA-1 SHA-2 NT password hash NT4 + Digest password hash 2003 + IPSec 2000 + 2000 + Seven + NTLM NTLMv2 MS-CHAP MS-CHAPv2

  36. CNG (v3) Not Supported EFS VPN/WiFi Client (EAPTLS, PEAP Client) Windows 2008/7- user or computer certificate authentication TMG 2010 server certificates on web listeners Outlook 2003 user email certificates for signatures or encryption Kerberos Windows 2008/Vista- DC certificates System Center Operations Manager 2007 R2 System Center Configuration Manager 2007 R2 SQL Server 2008 R2- Forefront Identity Manager 2010 (Certificate Management) Windows 2008/Vista-

  37. PKI Design CA HIERARCHY

  38. CA Hierarchy IDTT Root CA IDTT Roma CA IDTT London CA IDTT Paris CA Leaf certificate Leaf certificate Leaf certificate Leaf certificate Leaf certificate Leaf certificate Leaf certificate Leaf certificate Leaf certificate Leaf certificate

  39. Offline Root
      Root CA cannot be revoked if compromised
      Making new Root CA trusted may be difficult
      Delegation of administration
      Must issue CRLs: the more frequent the more secure, but more costly

  40. Active Directory
      Group Policy: every 120 minutes by default
        Trusted Root CAs
        Untrusted CAs
      NTAuth: CA issues logon certificates

  41. 41

  42. PKI Design AD CS FEATURES

  43. SKU Features SMTP Exit Module Role Separation Certificate Templates Autoenrollment Key Archival Cross-forest Enrollment Windows Server 2008 R2 Standard V1, V2, V3 Yes Yes No 2008 R2 Enterprise V1, V2, V3 Yes Yes Yes 2008 Standard V1 No No No 2008 Enterprise V1, V2, V3 Yes Yes No 2003 Standard V1 No No No 2003 Enterprise V1, V2 Yes Yes No

  44. SKU Features Web Enrollment Web Services OCSP Responder SCEP Enrollment Windows Server Enrollment yes yes no no 2008 R2 Standard yes yes yes yes 2008 R2 Enterprise yes no no no 2008 Standard yes no yes yes 2008 Enterprise yes no no no 2003 Standard yes no no no 2003 Enterprise

  45. Role Separation
      Enrollment Agent = Registration Authority: sign cert request
      Certificate Managers: approve cert requests
      Different groups of EA/CM approve requests for different groups of Enrollees

  46. PKI Design PUBLIC CERTIFICATES

  47. SSL Certificate prices
      Verisign 1999 300$ year
      Thawte 2003 150$ year
      Go Daddy 2005 60$ year
      GlobalSign 2006 250$ year
      StartCom 2009 free

  48. EV Certificate prices
      Verisign 1999 1500$ year
      Thawte 2003 600$ year
      Go Daddy 2005 100$ year
      GlobalSign 2006 900$ year
      StartCom 2009 50$ year

  49. Support for SAN and wildcards Application Supports * no yes Supports SAN Internet Explorer 4.0 and older Internet Explorer 5.0 and newer no yes Internet Explorer 7.0 yes yes, if SAN present Subject is ignored Windows Pocket PC 3.0 and 4.0 Windows Mobile 5.0 Windows Mobile 6.0 and newer Outlook 2003 and newer no no yes yes no yes yes yes RDP/TS proxy yes yes, if SAN present Subject is ignored ISA Server firewall certificate yes yes ISA Server 2000 and 2004 published server certificate no no ISA Server 2006 published server certificate yes yes, only the first SAN name

  50. OCSP and Delta CRL
      System | Checks OCSP | Delta CRL
      Windows 2000 and older | no | no
      Windows XP and older | no | yes
      Windows Vista and newer | yes, preferred | yes
      Windows Pocket PC 4.0 and older | no | no
      Windows Mobile 5.0 | no | yes
      Windows Mobile 6.0 | no | yes
      Windows Mobile 6.1 and newer | yes, preferred | yes
      ISA Server 2006 and older | no | yes
      TMG 2010 and newer | yes, preferred | yes
