±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 36006
New Yesterday: 0 Visitors: 141

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

SHA-1 SHA-256 SHA-512??

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

Jonathan
Senior Member
 

Re: SHA-1 SHA-256 SHA-512??

Post Posted: Mar 06, 11 00:27

- mscotgrove
The software I have developed has MD5 hash values. I have received requests to include SHA-??.

Does anyone have views on which would be considered most useful. SHA-1 is very common, but is the extra security of SHA-256 and SHA-512 actually worth the effort.

Academics seem keen to point out that MD5 and SHA-1 have been broken, but has this ever been critical in a court case?


What's the software designed to do? How does it use hash values?

Without knowing it's not easy to say which would be most useful.
_________________
Forensic Control
twitter.com/ForensicControl
St Bride Foundation, 14 Bride Lane, London, EC4Y 8EQ 
 
  

indur
Senior Member
 

Re: SHA-1 SHA-256 SHA-512??

Post Posted: Mar 06, 11 00:55

In forensics, what you're usually worried about is a preimage attack. That is, you take the hash value of a file or a disk at one point in time. What you want to show is that no reasonable manipulation of the bits in the file or disk will result in the same hash value that was previously computed.

The weakness that has been demonstrated for MD5 and SHA1 is a collision attack, which is the ability to create two files that have the same hash value. This means being able to manipulate both files. (The collision attacks that have been demonstrated require being able to insert arbitrary, variable-length binary data. In most well-defined file formats, such as JPEG images, this is easy to detect forensically.)

So the risk to forensics of MD5 weaknesses is negligible (other than the risk of having to explain this to a layperson), since the way that the hash functions are used is different than the way they must be used for the weakness to be exploited. The major risk is that, since a collision attack has been found, a preimage attack will be discovered in the future.  
 
  

mgilhespy
Senior Member
 

Re: SHA-1 SHA-256 SHA-512??

Post Posted: Mar 06, 11 02:12

Azrael thanks, I found your follow up post very interesting.
_________________
'Tis with our judgments as our watches, none
Go just alike, yet each believes his own. 
 
  

markg43
Senior Member
 

Re: SHA-1 SHA-256 SHA-512??

Post Posted: Mar 06, 11 12:44

DOJ currently only requires MD5 hash as sufficient. If you want to future proof a little, then SHA-1 and 256.

In my work, the software I use makes MD5/SHA1 automatically. Works for me, in order to invalidate my evidence you would have to break both algorithms on the SAME file.

To my knowledge, the eggheads have not done that yet. Please correct me if I am mistaken anyone. Preferable with a link.  
 
  

mgilhespy
Senior Member
 

Re: SHA-1 SHA-256 SHA-512??

Post Posted: Mar 06, 11 13:17

Can any Australian members comment on whether this ruling back in 2005 has had any ongoing influence?

The NSW Roads and Traffic Authority (RTA) concedes that a court's decision to throw out a traffic infringement case had created "some uncertainty" about speed camera detection.
...
...
RTA lawyers told the court they could not find an expert to prove the authenticity of mathematical algorithms published on each picture.

The algorithms known as MD5 are used as a security measure to prove the pictures have not been altered after they are taken.


Link MD5 doubts in Oz?
_________________
'Tis with our judgments as our watches, none
Go just alike, yet each believes his own. 
 
  

Patrick4n6
Senior Member
 

Re: SHA-1 SHA-256 SHA-512??

Post Posted: Mar 08, 11 04:34

Aussie and although living in the US I'm au-fait with Oz law and was working LEO forensics in another state in Oz when that case occurred. That case doesn't prove anything other than if you don't have your witnesses lined up, don't bother going to court. I don't see in the article that it was dismissed with prejudice, which means that the govt can get their ducks in a row and do over.

And back to the MD5 issue as posted:

Hashing has 2 functions in forensics: validating your images haven't broken / been tampered; and KFF. There is no protection in the world that's going to defend you against a malicious examiner, especially not MD5, since if one were to plant or falsify evidence, they would merely need to do so before the initial hash. MD5 is more a check that your images haven't been corrupted, requiring the examiner to go back to their original image and re-make another working image. As for KFF, only an idiot would submit evidence based purely upon a match and not hit it with a Mark 1 Eyeball.

Hashing is always in my experienced combined with another method to verify, e.g. source hash with a good chain of custody process, and KFF with a visual inspection, meaning that more than a possible exploit of the MD5 algorithm is needed to invalidate it.
_________________
Tony Patrick, B. Inf Tech, CFCE
www.patrickcomputerfor...s.com/blog
www.twitter.com/Patrick4n6 
 

Page 2 of 2
Page Previous  1, 2