[Cryptography] The computer forensics world still using SHA-1

Ángel angel at crypto.16bits.net
Wed Aug 18 19:22:07 EDT 2021


I'm not up-to-date with that, but AFAIK, there are disk cloners -for
many years now- that output SHA-256.


On 2021-08-18 at 01:23 -0400, Phillip Hallam-Baker wrote:
> These are Merkle-Damgard constructions, so if MD5 can be broken and
> SHA-1 can be broken, breaking both is simply a matter of breaking
> them in different blocks. Easy. 
> 
> Sure, the physical chain of custody is a backup. But if the defense
> is alleging the materials were tampered with, show the hash is broken
> and the case is toast.

The weak hashes are like a 101 class, particularly since it's so easy
to fix, but I suspect that from a legal point of view, the importance
is mostly academic. The two images would only differ in a few bits, so
the second one would be discoverable with a (good) forensic analysis.
Plus, assuming that the party that tampered with the evidence had no
prior access to the system, they would need to find a preimage, so
those hashes aren't THAT bad.

That said, it would be funny to create an image pair with colliding MD5
and SHA1 which showed a desktop and e.g. pong.

Best regards
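
The two checks discussed in the message above, as an added example that is not part of the original post: hashing an image with SHA-256 alongside the legacy MD5 and SHA-1 in one pass, and locating the sectors in which two images differ when both are available. The function names, the 512-byte sector size and the sample images are assumptions made for the illustration; the sample pair is constructed and is not a real hash collision.

```python
import hashlib
import io

SECTOR = 512  # assumed sector size, used only for reporting positions


def digest_image(stream, algorithms=("md5", "sha1", "sha256"), chunk=1 << 20):
    """Hash a disk image in a single streaming pass with several algorithms."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = stream.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(stream, recorded):
    """Recompute each recorded digest and report which ones still match."""
    fresh = digest_image(stream, tuple(recorded))
    return {name: fresh[name] == value.lower() for name, value in recorded.items()}


def differing_sectors(a, b, sector=SECTOR):
    """Return the indices of sectors whose contents differ between two images."""
    diffs, index = [], 0
    while True:
        sa, sb = a.read(sector), b.read(sector)
        if not sa and not sb:
            break
        if sa != sb:
            diffs.append(index)
        index += 1
    return diffs


# Constructed sample: an 8-sector image and a copy with one bit flipped in sector 5.
original = bytes(range(256)) * 16
_copy = bytearray(original)
_copy[5 * SECTOR + 10] ^= 0x01
tampered = bytes(_copy)

if __name__ == "__main__":
    recorded = digest_image(io.BytesIO(original))       # taken at acquisition
    print(verify(io.BytesIO(tampered), recorded))       # every digest mismatches here
    print(differing_sectors(io.BytesIO(original), io.BytesIO(tampered)))
```

With a genuine MD5 or SHA-1 collision the weak digests would still match, which is why the SHA-256 value and the sector comparison are the checks that matter.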




