Collision Attack - Chosen-prefix Collision Attack

Chosen-prefix Collision Attack

An extension of the collision attack is the chosen-prefix collision attack, which is specific to Merkle–Damgård hash functions. In this case, the attacker can choose two arbitrarily different documents, and then append different calculated values that result in the whole documents having an equal hash value. This attack is much more powerful than a classical collision attack.

Mathematically stated, given two different prefixes p1, p2, the attack finds two appendages m1 and m2 such that hash(p1 ∥ m1) = hash(p2 ∥ m2) (where ∥ is the concatenation operation).
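The relation above can be reproduced on a deliberately tiny Merkle–Damgård construction. The following is an added example, not part of the original article: the 24-bit toy hash, the block size and all function names are assumptions made for the demonstration, and the birthday search only succeeds because the chaining value is so small. It also shows why the construction matters: once the internal states collide on equal-length inputs, any common suffix keeps the hashes equal.

```python
import hashlib
from itertools import count

BLOCK = 8                 # toy block size in bytes (assumption for this demo)
IV = b"\x00\x00\x00"      # 24-bit chaining value: tiny on purpose

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 truncated to the chaining-value size."""
    return hashlib.sha256(state + block).digest()[:len(IV)]

def absorb(state: bytes, data: bytes) -> bytes:
    """Merkle-Damgard iteration over block-aligned data."""
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def toy_hash(msg: bytes) -> bytes:
    """Hash with length padding (0x80, zero fill, 8-byte message length)."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return absorb(IV, padded + len(msg).to_bytes(8, "big"))

def chosen_prefix_collision(p1: bytes, p2: bytes):
    """Return (m1, m2) with toy_hash(p1 + m1) == toy_hash(p2 + m2)."""
    # Filler brings both prefixes to the same block-aligned length, so the
    # length padding is identical on both sides.
    n = -(-max(len(p1), len(p2)) // BLOCK) * BLOCK
    fill1, fill2 = b"\x00" * (n - len(p1)), b"\x00" * (n - len(p2))
    s1, s2 = absorb(IV, p1 + fill1), absorb(IV, p2 + fill2)
    t1, t2 = {}, {}       # chaining value -> block that produced it, per side
    for i in count():     # birthday search, about 2**12 steps for 24 bits
        blk = i.to_bytes(BLOCK, "big")
        h1, h2 = compress(s1, blk), compress(s2, blk)
        t1[h1], t2[h2] = blk, blk
        if h1 in t2:
            return fill1 + blk, fill2 + t2[h1]
        if h2 in t1:
            return fill1 + t1[h2], fill2 + blk

if __name__ == "__main__":
    # Constructed sample prefixes.
    p1, p2 = b"subject=alice.example", b"subject=bob.example; constructed"
    m1, m2 = chosen_prefix_collision(p1, p2)
    print(toy_hash(p1 + m1).hex(), toy_hash(p2 + m2).hex())
    suffix = b"common trailing data"
    print(toy_hash(p1 + m1 + suffix) == toy_hash(p2 + m2 + suffix))
```

Widening the chaining value makes the search cost grow as the square root of the state space, which is why the practical defence is a hash function with no known shortcut rather than any change to the documents being signed.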

In 2007, a chosen-prefix collision attack was found against MD5, requiring roughly 2^50 evaluations of the MD5 function. The paper also demonstrates two X.509 certificates for different domain names, with colliding hash values. This means that a certificate authority could be asked to sign a certificate for one domain, and then that certificate could be used to impersonate another domain.


A real-world collision attack was published in December 2008 when a group of security researchers published a forged X.509 signing certificate that could be used to impersonate a certificate authority, taking advantage of a prefix collision attack against the MD5 hash function. This meant that an attacker could impersonate any SSL-secured website as a man-in-the-middle, thereby subverting the certificate validation built into every web browser to protect electronic commerce. The rogue certificate may not be revocable by real authorities, and could also have an arbitrary forged expiry time. Even though MD5 was known to be very weak in 2004, certificate authorities were still willing to sign MD5-verified certificates in December 2008, and at least one Microsoft code-signing certificate was still using MD5 in May 2012.

The Flame malware successfully used a new variation of a chosen-prefix collision attack to spoof code signing of its components by a Microsoft root certificate that still used the compromised MD5 algorithm.
