Skip to content

Sha256 vulnerability for full rounds. Circular hash attack.

License

Notifications You must be signed in to change notification settings

laie/WorldsFirstSha2Vulnerability

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 

Repository files navigation

WorldsFirstSha2Vulnerability

Sha256 vulnerability for full rounds. A Circular hash attack(known as fixed point).

Proof

Run proof.py to check my work

Concepts

Free-start collision attack

A collision attack where hackers cannot control the input hash.

Circular hash attack

Finding input_hash and message_block which makes input_hash=output_hash. In certain cases, it can result infinite set of collisions by chaining arbitrary number of circular blocks. So, this attack makes one hash value permanently vulnerable to collisions. So, I decided not to publish another works.

Attack methods

I developed an entirely new type of cryptanalysis theory to achieve this. It has a similar form comparing to differential analysis. Individuals found ways to reproduce this vulnerbility using SAT software. It's an another approach, not done by my method.

Clarifications

I've been noticed by several individuals, thus 'circular hash attack' isn't the world's first type of attack. So, I fixed the description. Quiet sad :(

Some people told me it's easy to find fixed points for Davies-Meyer structure, so, it's easy to find circular hash of SHA256's. For it, I cannot clarify at some degrees. First, SHA256's not exactly a Davies-Meyer. Secondly, finding fixed points for such structures, claimed to be 'easy', has complexity above 2^(n/2), according to Wikipedia. It's still an infeasibly hard problem.

About

Sha256 vulnerability for full rounds. Circular hash attack.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages