Activity 12-3: Creating a Rogue Server Certificate by Breaking a Hashing Algorithm
Question
Activity 12-3: Creating a Rogue Server Certificate by Breaking a Hashing Algorithm
Time Required: 30 minutes
Objective: Investigate what attackers can do with the results of an MD5 collision.
Description: Collisions for hashing algorithms have been more of a theoretical threat, but computing power that could find collisions is getting closer to being a reality. As of this writing, experts estimate that a SHA-1 collision would cost between $75,000 and $120,000 with rented equipment from Amazon Web Services (AWS). Collisions in MD5 have been demonstrated for more than a decade, however. Until recently, even some well-known CAs used MD5 to generate Web server SSL certificates. In this activity, you research what's possible when smart researchers decide to call attention to a major security problem on the Internet.
Explanation / Answer
Q1) Investigate what attackers can do with the results of an MD5 collision.
The MD5 algorithm is reported to be prone to a hash collision weakness. This weakness reportedly allows attackers to create multiple, differing input sources that, when the MD5 algorithm is used, result in the same output fingerprint.
It has been demonstrated that attackers can create multiple input sources to MD5 that result in the same output fingerprint. Reportedly, at this time, attackers cannot generate arbitrary collisions. At this time, it is also reported that only a very limited number of individual bits in an input message may be altered while maintaining an identical output fingerprint.
This weakness may allow attackers to create two messages, or executable binaries, such that their MD5 fingerprints are identical. One of these messages or binaries would be innocent, and the other malicious. The innocent message or binary may be digitally signed, and the malicious file would later be substituted in its place. This attack may allow malicious code to be executed, or the non-repudiation properties of messages to be broken. At this time, preimage attacks are reportedly not possible.
It is recommended that cryptosystems that utilize the MD5 algorithm be reviewed, and that measures be taken to protect against this weakness. Other hashing algorithms may be used in place of, or in conjunction with, MD5 to decrease the likelihood of a successful attack.
Please let me know in case of any clarifications required. Thanks!
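The substitution attack the answer above describes, as an added worked example that is not part of the original question or answer. The two 128-byte inputs (COLLIDING_A and COLLIDING_B) are the MD5 collision pair published by Wang et al. in 2004 and reproduced on the Wikipedia page for MD5; they differ in exactly six bytes and hash to the same MD5 value. Everything else (the shared tail, the verifier functions, the simulated "execution") is constructed here for illustration. The example goes slightly beyond the answer's text in two ways that researchers have used in real demonstrations: because MD5 is a Merkle-Damgard construction, any common suffix appended to the two colliding prefixes keeps the collision, and a suffix that branches on which prefix it sits on turns one collision into a benign/malicious file pair. A verifier that binds only the MD5 digest accepts the malicious file; one that binds SHA-256 does not.

```python
import hashlib

# Added example; not code from the original question or answer.
# COLLIDING_A / COLLIDING_B are the two 128-byte inputs published by Wang et al.
# (2004) as an MD5 collision. Every other name and value below is constructed
# for illustration.
COLLIDING_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
COLLIDING_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed shared "program" appended to both prefixes. The bytes are the
# same in both files; behaviour differs only because the tail tests which
# prefix it sits on (see run_payload below).
SHARED_SUFFIX = b"\n# shared tail: benign if preceded by block A, malicious otherwise\n"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(x: bytes, y: bytes) -> list:
    """Byte offsets at which two equal-length inputs differ."""
    if len(x) != len(y):
        raise ValueError("inputs must have equal length")
    return [i for i, (a, b) in enumerate(zip(x, y)) if a != b]


def build_pair(suffix: bytes = SHARED_SUFFIX):
    """Return (benign_file, malicious_file).

    MD5 hashes 64-byte blocks and carries only its 16-byte state between them.
    Each colliding prefix is exactly two blocks, so after the prefix the state
    is identical for both; any common suffix is then hashed from the same
    state and the collision survives. One collision therefore yields
    unlimited colliding file pairs."""
    return COLLIDING_A + suffix, COLLIDING_B + suffix


def run_payload(file_bytes: bytes) -> str:
    """Constructed stand-in for executing the file: the shared tail branches
    on its own prefix and returns the behaviour it would exhibit."""
    return "benign" if file_bytes.startswith(COLLIDING_A) else "malicious"


def md5_only_verifier(signed_md5_hex: str, candidate: bytes) -> bool:
    """Stand-in for a signature check whose only integrity binding is an MD5
    digest. The public-key operation is omitted on purpose: whatever signs
    the digest, the digest comparison is the weak link."""
    return md5_hex(candidate) == signed_md5_hex


def sha256_verifier(signed_sha256_hex: str, candidate: bytes) -> bool:
    """Same check with a collision-resistant digest."""
    return sha256_hex(candidate) == signed_sha256_hex


def substitution_attack() -> dict:
    """Have the benign file 'signed' (its digest recorded), then present the
    malicious one to each verifier. Returns what each decided."""
    benign, malicious = build_pair()
    signed_md5 = md5_hex(benign)        # digest a signer binding MD5 would cover
    signed_sha256 = sha256_hex(benign)  # digest a signer binding SHA-256 would cover
    return {
        "same_md5": md5_hex(benign) == md5_hex(malicious),
        "md5_verifier_accepts_malicious": md5_only_verifier(signed_md5, malicious),
        "sha256_verifier_accepts_malicious": sha256_verifier(signed_sha256, malicious),
        "benign_behaviour": run_payload(benign),
        "malicious_behaviour": run_payload(malicious),
    }


if __name__ == "__main__":
    print("MD5 of A:", md5_hex(COLLIDING_A))
    print("MD5 of B:", md5_hex(COLLIDING_B))
    print("differing byte offsets:", differing_offsets(COLLIDING_A, COLLIDING_B))
    for key, value in substitution_attack().items():
        print(f"{key}: {value}")
```

Running it prints the same MD5 for both prefixes, the six byte offsets at which they differ, and the verifier results: the MD5-only check accepts the malicious file while the SHA-256 check rejects it. The rogue-CA work referenced in the activity needed a stronger chosen-prefix collision (the two certificate bodies are not identical apart from six bytes), but the underlying reason a signature over MD5 is worthless once collisions are cheap is exactly the one shown here.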