DIG DEEPER TO FIND WATER & NOT WIDER -P.M.PATEL

Saturday, May 27, 2023

Stop Using MD-5, Now!

TL;DR: Don't use MD-5 to identify malware samples. Believe me, it is a bad idea. Use SHA-256 or a stronger hash function.

This post is dedicated to all malware researchers, still using MD-5 to identify malware samples.

Before deep-diving into the details, let me explain my view on this topic. Whenever you want to identify a malware, it is only OK to publish the MD-5 hash of the malware if you post at least the SHA-256 hash of the malware as well. Publishing only the MD-5 hash is unprofessional. If you want to understand why, please continue reading. If you know about the problem, but want to help me spread the word, please link to my site www.stopusingmd5now.com.

By writing articles/posts/etc. and publishing the MD-5 hash only, it is the lesser problem that you show people your incompetency about hash functions, but you also teach other people to use MD-5. And it spreads like a disease... Last but not least, if I find a sample on your blog post, and you use MD-5 only, I can't be sure we have the same sample.

Here is a list to name a few bad examples (order is in Google search rank order):


Introduction to (cryptographic) hash functions

A long time ago (according to some sources since 1970) people started designing hash functions, for an awful lot of different reasons. It can be used for file integrity verification, password verification, pseudo-random generation, etc. But one of the most important properties of a cryptographic hash function is that it can "uniquely" identify a block of data with a small, fixed bit string. E.g., malware can be identified by using only the hash itself, so everybody who has the same malware sample will have the same hash; thus they can refer to the malware by the hash itself.

It is easy to conclude that there will always be collisions, where a different block of data has the same result hashes. The domain (block of data) is infinite, while the codomain (possible hash values) is finite. The question is how easy it is to find two different blocks of data, having the same hash. Mathematicians call this property "collision resistance." Proper cryptographic hash functions are collision-resistant, meaning it is impractical or impossible to find two different blocks of data, which have the same hash.

In 1989 Ronald Rivest (the first letter in the abbreviation of the RSA algorithm) designed the MD-2 hashing algorithm. Since 1997 there are publications about that this hashing algorithm is far from perfect.

In 1990 Ronald Rivest designed the MD-4 algorithm, which is considered as broken at least from 1991. But MD-4 is still in use from Windows XP until Windows 8 in the password protocol (NTLM). Unfortunately, there are more significant problems with NTLM besides using MD-4, but this can be the topic of a different blog post.

In 1991 (you might guess who) designed yet another hashing algorithm called MD-5, to replace MD-4  (because of the known weaknesses). But again, in from 1993 it has been shown many times that MD-5 is broken as well. According to Wikipedia, "On 18 March 2006, Klima published an algorithm [17] that can find a collision within one minute on a single notebook computer, using a method he calls tunneling". This means, that with the 8 years old computing power of a single notebook one can create two different files having the same MD-5 hash. But the algorithms to generate collisions have been improved since, and "a 2013 attack by Xie Tao, Fanbao Liu, and Dengguo Feng breaks MD-5 collision resistance in 2^18 time. This attack runs in less than a second on a regular computer." The key takeaway here is that it is pretty damn hard to design a secure cryptographic hash function, which is fast, but still safe. I bet that if I would develop a hash function, Ron would be able to hack it in minutes.

Now, dear malware researcher, consider the following scenario. You as, a malware analyst, find a new binary sample. You calculate the MD-5 hash of the malware, and Google for that hash. You see this hash value on other malware researchers or on a sandbox/vendor's site. This site concludes that this sample does this or that, and is either malicious or not. Either because the site is also relying solely on MD-5 or because you have only checked the MD-5 and the researcher or sandbox has a good reputation, you move on and forget this binary. But in reality, it is possible that your binary is totally different than the one analyzed by others. The results of this mistake can scale from nothing to catastrophic.

If you don't believe me, just check the hello.exe and erase.exe on this site from Peter Sellinger. Same MD-5, different binaries; a harmless and a (fake) malicious one... And you can do the same easily at home. No supercomputers,  no NSA magic needed.

On a side-note, it is important to mention that even today it can be hard to find a block of data (in generic), if only the MD-5 hash is known ("pre image resistance"). I have heard people arguing this when I told them using MD-5 as a password hash function is a bad idea. The main problem with MD-5 as a password hash is not the weaknesses in MD-5 itself, but the lack of salt, lack of iterations, and lack of memory hardness. But still, I don't see any reason why you should use MD-5 as a building block for anything, which has anything to do with security. Would you use a car to drive your children to the school, which car has not been maintained in the last 23 year? If your answer is yes, you should neither have children nor a job in IT SEC.

Conclusion

If you are a malware researcher, and used MD-5 only to identify malware samples in the past, I suggest to write it down 1000 times: "I promise I won't use MD-5 to identify malware in the future."

I even made a website dedicated to this problem, www.stopusingmd5now.com . The next time you see a post/article/whatever where malware is identified by the MD-5 hash only, please link to this blog post or website, and the world will be a better and more professional place.


PS: If you are a forensics investigator, or software developer developing software used in forensics, the same applies to you.
PS 2: If you find this post too provocative and harsh, there is a reason for this ...

Update: I have modified two malware (Citadel, Atrax) with the help of HashClash, and now those have the same MD-5. Many thanks for Marc Stevens for his research, publishing his code, and help given during the collision finding.

Related news


  1. Hacking Tools
  2. New Hack Tools
  3. Ethical Hacker Tools
  4. Hacking Tools For Beginners
  5. Hacking Tools For Games
  6. Pentest Tools Free
  7. Hackers Toolbox
  8. Pentest Tools
  9. Hack Tool Apk No Root
  10. Hack Tools For Pc
  11. Hacker Security Tools
  12. Bluetooth Hacking Tools Kali
  13. Pentest Tools Bluekeep
  14. Hacker Tools For Ios
  15. Nsa Hacker Tools
  16. Hack Tools For Games
  17. Hackrf Tools
  18. Pentest Tools Open Source
  19. Hacking Tools For Pc
  20. How To Hack
  21. Hack Tool Apk
  22. Hack Tools Github
  23. Hacker Tools Apk
  24. Hacking Tools Windows
  25. Pentest Tools Website Vulnerability
  26. Hack And Tools
  27. Termux Hacking Tools 2019
  28. Pentest Tools Download
  29. Hacker Tools 2020
  30. Hack Apps
  31. Pentest Tools Tcp Port Scanner
  32. Usb Pentest Tools
  33. Hack Tools For Ubuntu
  34. Hack Tools Download
  35. Easy Hack Tools
  36. Hacking Tools For Windows Free Download
  37. Hacker
  38. Android Hack Tools Github
  39. Best Hacking Tools 2019
  40. Hacking Tools Windows
  41. Pentest Tools Find Subdomains
  42. Pentest Tools Website
  43. Pentest Automation Tools
  44. Hack Tool Apk
  45. Bluetooth Hacking Tools Kali
  46. Hack Tools For Games
  47. Hack Tools For Pc
  48. Free Pentest Tools For Windows
  49. Hack Tools For Pc
  50. World No 1 Hacker Software
  51. Hacker Tools Linux
  52. Hack Tools Pc
  53. Pentest Tools Bluekeep
  54. Github Hacking Tools
  55. How To Install Pentest Tools In Ubuntu
  56. Hacker Tools 2019
  57. Hacker Tool Kit
  58. Pentest Recon Tools
  59. Github Hacking Tools
  60. Pentest Tools Nmap
  61. Hacking App
  62. Pentest Tools Website Vulnerability
  63. Beginner Hacker Tools
  64. Hacker Techniques Tools And Incident Handling
  65. Hacker Techniques Tools And Incident Handling
  66. Pentest Tools For Ubuntu
  67. What Is Hacking Tools
  68. Pentest Box Tools Download
  69. Hacking Tools Hardware
  70. New Hacker Tools
  71. Hack Website Online Tool
  72. Bluetooth Hacking Tools Kali
  73. Pentest Tools Find Subdomains
  74. Pentest Tools List
  75. Pentest Tools For Android
  76. Pentest Tools Bluekeep
  77. Hacker Tools For Windows
  78. Pentest Tools Online
  79. Hacker
  80. Hacker Tools Windows
  81. Android Hack Tools Github
  82. Pentest Tools Free
  83. Hacking Tools For Games
  84. Hacking Tools For Mac
  85. Hacking Tools
  86. Pentest Tools Tcp Port Scanner
  87. Hacking Tools Name
  88. Hack Tools For Ubuntu
  89. Hacks And Tools
  90. Kik Hack Tools
  91. Hacker Tools Free
  92. Hacking Apps
  93. Hacker Tools Hardware
  94. Hacker Tools 2019
  95. Growth Hacker Tools
  96. Hacking Tools For Windows
  97. Hack App
  98. Pentest Tools Alternative
  99. Hacker Tools Online
  100. What Are Hacking Tools
  101. Pentest Tools Apk
  102. Pentest Tools For Mac
  103. Hacking Tools For Windows Free Download
  104. Hacker Tools For Windows
  105. Hack Tools For Ubuntu
  106. Hacking Tools And Software
  107. Hacker Tools Mac
  108. How To Make Hacking Tools
  109. Pentest Tools Website Vulnerability
  110. Hackrf Tools
  111. Pentest Tools Github
  112. Pentest Box Tools Download
  113. Blackhat Hacker Tools
  114. Hacking Tools
  115. Hacker Tools
  116. Hack Tools Github
  117. Hack Tool Apk No Root
  118. Pentest Tools Download
  119. Hack Website Online Tool
  120. Hack Rom Tools
  121. Game Hacking
  122. Hacking Tools Software
  123. Hacking Tools For Pc
  124. Pentest Tools Find Subdomains
  125. Tools For Hacker
  126. Pentest Tools List
  127. Nsa Hack Tools Download
  128. How To Make Hacking Tools
  129. Hacking Tools Online
  130. Hack Tools
  131. Beginner Hacker Tools
  132. Hack Tool Apk No Root
  133. Best Hacking Tools 2019
  134. Pentest Tools Subdomain
  135. Hack And Tools
  136. Hacking Tools Usb
  137. Nsa Hack Tools
  138. Hacking Tools Hardware
  139. How To Make Hacking Tools
  140. Hacker Techniques Tools And Incident Handling
  141. Hack Tools Online
  142. Pentest Tools For Windows
  143. Pentest Tools Website Vulnerability
  144. Hacking Tools Windows 10
  145. Hack Tools Github
  146. Usb Pentest Tools
  147. Pentest Tools Website
  148. Hacking Tools Github
  149. Hacker Tools Hardware
  150. Hack Tools
  151. Hacking Tools For Windows Free Download
  152. Hacker Tools Online
  153. Hack Tools For Pc
  154. Black Hat Hacker Tools
  155. Pentest Tools Windows
  156. Pentest Tools Open Source
  157. Hacker Techniques Tools And Incident Handling
  158. Pentest Tools For Windows
  159. Pentest Tools Github
  160. Pentest Tools Linux
  161. Pentest Tools Subdomain
  162. Underground Hacker Sites
  163. Pentest Tools Apk
  164. Hack Tools Pc
  165. Pentest Tools Windows
  166. Growth Hacker Tools
  167. Hacker Tools Hardware
  168. Hacking Tools Usb
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)