
Swift : Weak hashing algorithm

Overview

The hash function in use is insecure. Its use can lead to a loss of data confidentiality.

Insufficient Cryptography vulnerabilities rank fifth in the “OWASP Mobile Top 10 2016” ranking of mobile application vulnerabilities.

The MD2, MD5 and SHA1 hash functions have known weaknesses. Finding collisions for MD2 and MD5 does not require substantial resources, and the same problem for SHA1 is likely to be solved in the near future. If these functions are used to protect valuable information (such as passwords), its confidentiality can be violated.

A hash function used to store passwords should not only be collision-resistant but also deliberately slow, which makes an exhaustive-search (brute-force) attack more expensive. Specialized password hashing functions have been developed for this purpose: PBKDF2, bcrypt and scrypt.

Suppose that user passwords are stored on the server as hashes computed with an insecure hash function (e.g., MD5). A possible attack scenario:

  1. The attacker gains access to the stored password hashes.
  2. The attacker exploits a weakness of the hashing algorithm and computes a string for which the algorithm produces the same value as for the user’s password.
  3. The attacker passes authentication using the computed string.
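To illustrate both halves of this entry in Swift, here is an added example (not DerScanner's own code) that places the flagged pattern, an MD5 digest of the bare password, next to the remediation described above: PBKDF2-HMAC-SHA256 from Apple's CommonCrypto with a random per-user salt, a high round count and a constant-time comparison on verification. It assumes an Apple platform where CryptoKit, Security and CommonCrypto are available; the round count of 600,000 is an assumed value, not a figure from this page.

```swift
import Foundation
import Security        // SecRandomCopyBytes
import CryptoKit       // Insecure.MD5, the flagged pattern
import CommonCrypto    // CCKeyDerivationPBKDF, the fix

// Flagged pattern: a fast, collision-prone digest of the bare password.
func weakPasswordHash(_ password: String) -> String {
    let digest = Insecure.MD5.hash(data: Data(password.utf8))
    return digest.map { String(format: "%02x", $0) }.joined()
}

// Fix: PBKDF2-HMAC-SHA256 with a random per-user salt and a high round count.
struct StoredPassword { let salt: Data; let rounds: UInt32; let derivedKey: Data }

func randomSalt(count: Int = 16) throws -> Data {
    var bytes = [UInt8](repeating: 0, count: count)
    let status = SecRandomCopyBytes(kSecRandomDefault, count, &bytes)
    guard status == errSecSuccess else { throw NSError(domain: "salt", code: Int(status)) }
    return Data(bytes)
}

func pbkdf2(_ password: String, salt: Data, rounds: UInt32, length: Int = 32) throws -> Data {
    var derived = [UInt8](repeating: 0, count: length)
    let status = salt.withUnsafeBytes { saltBuf -> Int32 in
        CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
                             password, password.utf8.count,
                             saltBuf.bindMemory(to: UInt8.self).baseAddress, salt.count,
                             CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds,
                             &derived, length)
    }
    guard status == Int32(kCCSuccess) else { throw NSError(domain: "pbkdf2", code: Int(status)) }
    return Data(derived)
}

// The round count is an assumed value; tune it to the device's CPU budget.
func register(password: String, rounds: UInt32 = 600_000) throws -> StoredPassword {
    let salt = try randomSalt()
    let key = try pbkdf2(password, salt: salt, rounds: rounds)
    return StoredPassword(salt: salt, rounds: rounds, derivedKey: key)
}

// Constant-time comparison so verification does not leak how many bytes matched.
func verify(password: String, against stored: StoredPassword) -> Bool {
    guard let candidate = try? pbkdf2(password, salt: stored.salt, rounds: stored.rounds),
          candidate.count == stored.derivedKey.count else { return false }
    var diff: UInt8 = 0
    for (x, y) in zip(candidate, stored.derivedKey) { diff |= x ^ y }
    return diff == 0
}
```

Persist the salt and round count alongside the derived key so that the count can be raised later without invalidating existing records.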
DerScanner Severity Score: CRITICAL

