All geek questions in one place

Is it possible to recover a cryptographic hash key?

We would like to cryptographically (SHA-256) hash the secret value in our database. Since we want to use this as a way to search for individual records in our database, we cannot use a different random salt for each encrypted value.

My question is: to provide unlimited access to our database, and given that the attacker knows at least one secret value and a pair of hashed values, can an attacker deploy a cryptographic key? IE, can an attacker cancel all hashes and determine all secret values?

It seems that this defeats the whole purpose of the cryptographic hash, if so, so maybe I'm missing something.

+4
source share
5 answers

In short, yes .

+4
source

There are no published β€œfirst preview images” on the SHA-256. Without such an attack, to open a shortcut, an attacker will not be able to recover a secret value from his SHA-256 hash.

However, the mention of a "secret key" may indicate some confusion regarding hashes. Hash algorithms do not use a key. Thus, if the attacker was able to attack one pair of "secret value and hash value", he would not recognize the "key", which would allow him to easily invert the remaining values ​​of the hash function.

When a hash is successfully attacked, this usually happens because the original message was from a small place. For example, most passwords are selected from a relatively short list of real words, possibly with some simple permutations. Thus, instead of systematically checking every possible password, the attacker begins with an ordered list of several billion of the most common passwords. To avoid this, it is important to choose a "secret value" randomly from a large space.

There are message authentication algorithms that contain a secret key along with some data. These algorithms are used to protect message integrity from unauthorized access. But they do not help to prevent attacks with a preliminary image.

+6
source

No, the SHA hash is not reversible (at least not so easily). When you do something, if you need to cancel it, you need to restore the hash. This is usually done using a private (salt) and public key.

For example, if I try to prevent access based on my user ID. I would haveh my user id and salt. For example, say MD5. My user id is β€œ12345” and the salt is β€œabcde”

So, I will make a hash string "12345_abcde" which returns a hash from "7b322f78afeeb81ad92873b776558368"

Now I will pass the hash and the public key, β€œ12345”, which is the public key and has to the validating application.

The validating application knows the salt, so it has the same meanings. "12345_abcde", which in turn will generate an accurate hash. Then I compare the hash that I checked with the one that passed, and they match. If I somehow changed the public key without changing the hash, another would be generated, which would lead to a mismatch.

+1
source

Yes, perhaps, but not in this life.

0
source

Modern brute force attacks using multiple GPUs can crack this in a short time. I recommend that you follow the password retention rules for this application. Below are the current rules for storing passwords from OWASP . They currently recommend a long salt value, and PBKDF2 with 64,000 iterations, which iteratively stretches the key and makes it computationally difficult for the brute force of the input values. Please note that this will also make it computationally difficult for you to generate your key values, but the idea is that you will generate keys much less often than an attacker will have to. However, your design requires far more key insights than a typical password storage and storage application, so your design can be deadly wrong. Also keep in mind that the iteration counter must double every 18 months in order for computational complexity to comply with Moore's law. This means that your system will need some way to allow you to rephrase these values ​​(perhaps by combining hash methods). Over time, you will find that the old HMAC functions are broken by cryptanalysts, and you should be prepared to update your algorithms. For example, one iteration of MD5 or SHA-1 was enough, but this is no longer the case. There are other HMAC features that can also satisfy your needs that PBKDF2 (like bcrypt or scrypt, for example) will not require, but PBKDF2 is currently the industry standard that has gained the most control. It can be argued that bcrypt or scrypt would also be suitable, but this is another reason why you should use a plug-in scheme that allows you to update HMAC features over time.

0
source

Source: https://habr.com/ru/post/1301851/

More articles:


All Articles