Project

General

Profile

Actions

Idea #4424

closed

[Keep] [DRAFT] Use stronger hash algorithm (such as SHA-2) for Keep blocks

Added by Peter Amstutz about 10 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assigned To:
-
Category:
Keep
Target version:
-
Start date:
Due date:
Story points:
5.0

Description

The md5 algorithm is well known to be insecure. Attackers can force hash collisions on arbitrary data, for example http://natmchugh.blogspot.com/2014/10/how-i-created-two-images-with-same-md5.html?m=1

In the case of Keep, this exposes an obvious vulnerability. If an attacker known the hash of a block, he or she could subvert the permission system this way:

  1. Generate a block that collides with the desired hash
  2. Upload the collision block and receive a signed token
  3. Use the signed token to request the block

(We may be able to tighten Keep's behavior to make this attack more difficult, such as doing a byte-for-byte check that the uploaded block matches a known block.)

This is a general vulnerability that attacks the assumptions of content-based addressing, so it seems very likely that there are other more subtle attack vectors. Another possible attack would be a denial-of-service attack by uploading bogus blocks with specific content hashes and garbage content, preventing a user from uploading legitimate data.

We need to start thinking about moving to a best practices cryptographic hash. The first obvious choice would be SHA-1 (used by git), but it is already considered vulnerable so we should look at SHA-2 or SHA-3.

Fixing this is likely to be somewhat difficult and disruptive, since there is already a lot of code that makes assumptions about the format and length of content hashes used by Keep, which would become longer with a stronger hash function.

Actions #1

Updated by Peter Amstutz about 10 years ago

  • Subject changed from Use stronger hash algorithm for Keep blocks to [Keep] Use stronger hash algorithm than md5 for Keep blocks
  • Category set to Keep
Actions #2

Updated by Peter Amstutz about 10 years ago

  • Description updated (diff)
Actions #3

Updated by Peter Amstutz about 10 years ago

  • Subject changed from [Keep] Use stronger hash algorithm than md5 for Keep blocks to [Keep] [DRAFT] Use stronger hash algorithm than md5 for Keep blocks
  • Description updated (diff)
Actions #4

Updated by Peter Amstutz about 10 years ago

  • Subject changed from [Keep] [DRAFT] Use stronger hash algorithm than md5 for Keep blocks to [Keep] [DRAFT] Use stronger hash algorithm (such as SHA-2) for Keep blocks
Actions #5

Updated by Peter Amstutz about 10 years ago

  • Target version set to Arvados Future Sprints
Actions #6

Updated by Tom Clegg almost 8 years ago

  • Status changed from New to Closed
Actions #7

Updated by Tom Clegg almost 8 years ago

  • Target version deleted (Arvados Future Sprints)
Actions

Also available in: Atom PDF