The b2sum utility is nice because it is fast and believed to be cryptographically secure. It is faster than sha512sum which is itself surprisingly faster than sha256sum or sha224sum. I'm guessing the latter two are slow because 32-bit rotations are slow on 64-bit machines.
b2sum can compute hashes of user-specified length, defaulting to 512 bits. There's probably a vulnerability in this feature: an unsuspecting user (perhaps a machine) simply runs "b2sum -c" on a checksum file to verify the checksums without actually looking at the checksum file to see if it looks fishy, which it is. The checksum file has maliciously short hashes, but the b2sum simply reports "OK" because the short hashes are correct. Better would have been if b2sum reports e.g., "OK (8 bits)" if the number of bits is less than 512. Future post: more about b2sum.
We have not specified a scenario in which surreptitiously maliciously short hashes cause harm, though we suspect such a scenario exists. However, it seems the recipient needs to simultaneously both trust and not trust the sender and channel.
Below is a demonstration of running b2sum over all 64 hash lengths it supports from 8 to 512 bits, computing each time the hash of the empty file (a file of length 0 bytes). Note that shorter hashes are not simply truncations of longer. Concatenating all the hashes is probably not a good idea, but if one did, it would sum to 16640 bits or 2080 bytes.
Challenge: find second preimage strings for these hashes. Barring cryptanalytic breakthroughs, each line is 256 times more difficult than the previous line. Some solutions to the first 4 are: 177 25583 8834423 11830615917. Note that these solutions are ASCII strings composed of digit characters. For example:
$ echo -n 11830615917 | b2sum -l 32
1271cf25 -
The output matches the 4th line below.
Interpreting the solutions as numbers conveniently gives how many strings we had to search before finding the desired second preimage. We were a little bit unlucky that it took so long to find the 32 bit preimage. We used Crypto.Hash.BLAKE2.BLAKE2b in the blake2 Haskell package to search; this was much faster than invoking b2sum 11 billion times.
$ for i in $(seq 8 8 512) ; do b2sum -l $i /dev/null ; done
2e /dev/null
b1fe /dev/null
cec7ea /dev/null
1271cf25 /dev/null
7d64c5272e /dev/null
ddd9c40767f9 /dev/null
4e9b03474eda9a /dev/null
e4a6a0577479b2b4 /dev/null
d6bd6fc9a3324e5f32 /dev/null
6fa1d8fcfd719046d762 /dev/null
eb6ec15daf9546254f0809 /dev/null
b8e1dda3ac0aa3820ad2990b /dev/null
50b4dc6f148a3f25b974e5c829 /dev/null
4b1f3c22056a5cf9a3300407d264 /dev/null
b7db87196c483405e40f8401fa1fc9 /dev/null
cae66941d9efbd404e4d88758ea67670 /dev/null
246c0442cd564aced8145b8b60f1370aa7 /dev/null
91a1a481a82eb3f3e6262de11f142d234945 /dev/null
35bd4214446fda5ce2e05015f1ba43e26f1b96 /dev/null
3345524abf6bbe1809449224b5972c41790b6cf2 /dev/null
077d8272052a6edfff4047461c3a2b3d9d330dbbf0 /dev/null
1065c75a5ab372acff0b521808a4766c70b12b10ad8c /dev/null
e30b37bb45ad2f1954a0ab31666f909df8d4eabd6933e9 /dev/null
ab3b5331a7135ed50d0f182d026e60abdb3646fd51bcf8a3 /dev/null
94165bbe7a8a0f49fad8c1b39c40b7dd613409378dcc47681f /dev/null
7895f50fee886d460f321601da8d2db483a08c0264cd8ff3617e /dev/null
b41793f77a58236ee36d36570bcd14cf00ba6a443c6c5bd4bb9eaf /dev/null
836cc68931c2e4e3e838602eca1902591d216837bafddfe6f0c8cb07 /dev/null
a10eae68c06d70c597699d656d6ae213430569f9c62e04cd2fc3a0c1bf /dev/null
a5d6d5975d09c76462b3f9c74f9568d9f9fd46dfbdcbf3f14bc835298b22 /dev/null
b4d7d8f500d546e71fe03f080b6bfefd567a0aa97e84bdb2cf8b15d1867c00 /dev/null
0e5751c026e543b2e8ab2eb06099daa1d1e5df47778f7787faab45cdf12fe3a8 /dev/null
ddca500c4d28f7f2816de1574f840e4878c1c5aa30c149745e0149273b214c359d /dev/null
90933ab63c7665e2bd6431e496ec60d38839fbec78e33aae2c152c073f64264bdab9 /dev/null
148833bb2bfcc18b9e90024eaeecc0a96027a777761e0b9c93d6642937bb4b8705e218 /dev/null
92f3592c601fe36aa32c62e305f965905a2982dee6a45c09011ddf05f9cf9b7b5609414f /dev/null
6d82c523a958c2b00e42701be980963438d5f40572c70d3d723c03ddebdb74575866f3adbb /dev/null
dc5abbc8c533139ba5873c9562868914e501b13aadc59c143d1bfe97cbcb5fab5b65ed488158 /dev/null
61a54c550005791e4726043fbfc347bb8952e520818157aeaf0d0f877c51950e06ff3157d02a6f /dev/null
2e316d2c76c9760df1e604e4ffd1aa5ac6c6ac50aaa8071f7313ea931e205da084bbae9a2019f6aa /dev/null
592c90e91f3187c352649476b86bba76c128433e6f3ac8c75710042f4b310e1c7aea39b0aff9b51bd3 /dev/null
f564703984efb278dfb04536d0bf4b86a17e8a9847104f773b81835ffc60b343a364e224e36552728dd6 /dev/null
5112353efd2617941caf7de611f152ac7b6fbacfb682aa43ecb707c8977ae8f307e50da1942c6eed777082 /dev/null
b2e01f2639b7e74abab0bb7e88f7ab7ae94ba6292c3a42537ca288635259a50edd9c7d7a1c7b8d2e2f86848e /dev/null
fa9d9e37d6fe09eb8116510fadb9c61cc59e332d46cc4a365e72edc733188f08be9c0894b6dbb06023ff312506 /dev/null
d47deb78c6d8db06e3b38d8faa368d22cbab03cbfb2b3ad201be5729ab454278007f76dcdb14de4eb38958745f77 /dev/null
e4ac268b5be19d515b8ddd90bc7e89100f875fa994517409907cb6f3c6eefacc3890c84dd3e91cd2886eb57033c749 /dev/null
b32811423377f52d7862286ee1a72ee540524380fda1724a6f25d7978c6fd3244a6caf0498812673c5e05ef583825100 /dev/null
a993b7c6dbd66f7a45487707d7e3eda19201f7fec9dcf1ae3c0a66eb4be4d21ed8af10490cef0c3168e9ff0dcfb5dcd651 /dev/null
3189e5764c09a2f5d1d9f5cb1967ebd3dfeade9c62af8bb0dc032bb3e90dd1e760fbaba8956f97c7602d0a2ec162169ef219 /dev/null
31635ed8064b99e056ed7009905673c986944a718c6e5935e7eeb67652550d56fe7ec110a383ef94ef7977be456a44503434ad /dev/null
f4e2de2be49787b13e0b38c0d02578b78a76f6c8fc48948c00f67812bd6c9ceaff17b04617532862be3cb251524b93d83a266e35 /dev/null
e3af5d079bce8fbbad6f5047d77025b8e100d91ecc066fa525d290ef6a867f93b2798769067f8790df954682011617a68d7169ef15 /dev/null
0668149330f455fe58c70d209cff452742cc1125eee5e1d67af18e9b2a67b5ca6973940135341c2807c9237295ec0a0d173dbc28f687 /dev/null
89c4f154fddb635864729c086c40ff2e574ef4fa1ab592d9bee584693852cfeee57c743b9a8771443e522f454218b260838c0a913d29e5 /dev/null
e7d2cb731e704ab61a3fa0ddd3bb3a6bfe3c3bc03b2c80a7545a0c9cedb575dfaa6821be9879e9ecd24350297f14470ad3d1cd2d19f27fbf /dev/null
a6e2604d330fa35f9f97cb89a4160928704e058f1aa0badc51b6e16afa943362fc1b32a4d79138b8103dfcad3239de59c17a267e72f7a0693e /dev/null
f3cc91641a39f6acada71544227505ae109b8c86c2f5fc3c4b7265c64ca6e99967824cea78f6ffb9a0851c86aa52b28ba3352164eedfefc80ddd /dev/null
cf1335ff92a6710c3cfa3dd8ac8c7a435aece775997bdaa1ac57276b0fa16b9a5f1f78a334eefafd0bc9d9cafa6633ba7abed8f67ce8d287af1822 /dev/null
22f194f655ea58d7fefe35b09c91c91cf5e1a4047181ea7cd7674e597be65f6541fa1fdddf404e7851b1d471478048d550546d14d88345fb422c19f6 /dev/null
d10c86444347b9bbb839717bc3161a10412c52fd2eb52c0a08fcd4c1f091801c0b2b09c74d716f4874761ec1b11afd66be0e13b129b6bc877720f2c7fd /dev/null
50e5578cdbe722b76b9b7d629aec8fb4926b4073da62774e64cafa1b33627c24d70009660e784558b3daa7a65b6841976c41cf3d6891ea1ccdd10894e64d /dev/null
4ded8c5fc8b12f3273f877ca585a44ad6503249a2b345d6d9c0e67d85bcb700db4178c0303e93b8f4ad758b8e2c9fd8b3d0c28e585f1928334bb77d36782e8 /dev/null
786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce /dev/null
No comments :
Post a Comment