±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 35980
New Yesterday: 5 Visitors: 166

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Child Exploitation Hash Sets

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4 
  

PaulSanderson
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 16, 16 22:01

- tracedf
all forensic products and hash sets would need to move away from MD5 and adopt another hash algorithm.


Or maybe for just those investigations that rely solely on a hash.

Unless things have changed since I last did lots of investigations (quite possible).

Hashsets were used to identify the positives - which were then reviewed as there have always been a few spurious files in any hashset and sometimes classification baselines change.

Then the remainder of the images where either ignored or manually classified.

So even if poisoned images do start appearing - those that are found would be ruled out by someone having alook at the image before a charge was made.
_________________
Paul Sanderson
SQLite Forensics Book
www.amazon.com/SQLite-...entries*=0

Forensic Toolkit for SQLite
sandersonforensics.com...for-SQLite 
 
  

jaclaz
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 17, 16 00:14

- tracedf

That's not possible given any of the currently known attacks on MD5 or SHA-1. There are two basic criteria for a hash function:


I have no idea (and I don't want to know) which hash algorithm the "known hashsets" use.

IF it is MD5, it is relatively easy (and cheap) to create a collision:
natmchugh.blogspot.it/...e-md5.html

I found that I was able to run the algorithm in about 10 hours on an AWS large GPU instance bringing it is at about $0.65 plus tax.


@PaulSanderson
Sure Smile , no risk of jailing an innocent.

The fun of the (fictitious/hypothetical) collision making "attack" would be exactly that of having the investigators go through thousands of false positive lolcats.


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

tracedf
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 17, 16 07:26

- jaclaz

IF it is MD5, it is relatively easy (and cheap) to create a collision:
natmchugh.blogspot.it/...e-md5.html
...
jaclaz


That's for collisions not pre-images. The distinction is that a pre-image matches a known hash value either by recreating the original input or by finding another input to match the same hash. The known, practical attacks on MD5 do not do this; instead, they work two find two inputs with the same hash but are able to modify either input.

Finding a preimage for a specific hash is a much harder problem.  
 
  

jaclaz
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 17, 16 13:43

- tracedf

That's for collisions not pre-images. The distinction is that a pre-image matches a known hash value either by recreating the original input or by finding another input to match the same hash. The known, practical attacks on MD5 do not do this; instead, they work two find two inputs with the same hash but are able to modify either input.

Finding a preimage for a specific hash is a much harder problem.

Sure, the practical result of the given experiment is two (actually three) images with the same hash, which is all that is needed to make m00t of MD5 hashes as a method of "recognizing" images, because (in theory) the bad guys could produce a number of specially crafted "real CP" images, and once they become part of the hashset, start feeding specially crafted lolcats with corresponding hashes.

The fact that pre-image breaking is much harder (which is obviously a good thing Smile ) only avoids that a document that you created and hashed might be substituted by one with the same hash (because creating this latter document is impossible or too "processing heavy") but in this case the creators of the documents/images are unknown, the hashes are (presumably) added to the hashset as soon as they are "seen in the wild", so there is no control on the making of the initial document/image and thus the hash might be "contaminated".

The "Nostradamus" (nice BTW) POC about US Presidential Elections 2008:
www.win.tue.nl/hashcla...stradamus/
works this way.

Possible? Yes.
Probable or going to happen soon? No.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

redcat
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 20, 16 15:27

I'm not sure which I find less credible:

1. An IIOC case is reviewed exclusively on whether data pinging against some known hash sets is present (so any new stuff just gets ignored presumably?) and otherwise it all gets overlooked - please please tell me nobody is doing this or anything like this! Hashing should be used exclusively for indicative white/blacklisting i.e. at best a timesaver prior to proper filtering and searching.

2. A suspect is sufficiently technically savvy to understand file hashing, obtain LE hash sets, compare them against his or her data, and then slightly modify his or her library of IIOC material as necessary to not flag anything when the device gets seized and investigated by the criminally lazy investigator in (1.)... and yet doesn't think to use extremely strong encryption/duress passwords etc, which, let's face it, are going to give most investigators far more of a headache than the fact your hash sets aren't pinging known IIOC.

Ahh, the rabbit holes we can go down when we completely ignore reality...  
 
  

Chris_Ed
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 20, 16 16:49

- redcat
1. An IIOC case is reviewed exclusively on whether data pinging against some known hash sets is present (so any new stuff just gets ignored presumably?) and otherwise it all gets overlooked..


Nobody is saying this in this thread.

2. A suspect is sufficiently technically savvy to understand file hashing.. etc.


Of course, encryption is absolutely a better way to hide your data, and I doubt that any single person would take the time to alter their images in such a way - but even if this single use case is unlikely to occur, IMO it is still in the interest of LE not to publicly provide such hash sets.

Ahh, the rabbit holes we can go down when we completely ignore reality...

Snark noted and appreciated, thumbs up. Smile  
 
  

redcat
Senior Member
 

Re: Child Exploitation Hash Sets

Post Posted: Sep 20, 16 17:21

- Chris_Ed
IMO it is still in the interest of LE not to publicly provide such hash sets.


I agree with everything you have said (you are always welcome for the snark) apart from this. A pure list of SHA256 / MD5 strings is of little to no value to somebody looking to employ counterforensics, in my opinion. That said, I'm in LE and have no intention of sharing any hashes that aren't already openly available with anybody, because that seems like the correct thing to do.  
 

Page 4 of 4
Page Previous  1, 2, 3, 4