摘要
对已有的shell文件碰撞进行研究,分析已有框架实现SHA-1算法碰撞的复杂度。利用近似碰撞攻击等技术提出一种新的碰撞应用框架,降低攻击的复杂度。在该框架下,实现MD5和SHA-1算法碰撞应用的复杂度分别为2^(16)和2^(63.4),均低于生日碰撞攻击。为验证新碰撞应用框架的有效性,实现3个具体的应用。首先实现针对MD5算法的shell脚本文件以及bat文件的恶意碰撞,然后利用Word中的宏命令实现了两个Word文件的恶意碰撞。该框架扩展了哈希函数碰撞的应用场景,为哈希函数的设计和分析提供新的研究思路,具有实际应用的价值。
The existing shell script file collision is reviewed,and the complexity of the existing framework to implement the collision with SHA-1 is analyzed in this paper.Techniques such as near-collision attack are used to propose a new collision framework,which reduces the complexity of the original attack.The complexity of implementing collision applications with MD5 and SHA-1 in this framework is 2^(16) and 2^(63.4 )respectively,lower than that of the birthday search.To verify the new collision framework,three applications with the MD5 algorithm are implemented in this paper.Firstly,the malicious collision of shell script files and bat files against the MD5 algorithm is implemented.Finally,the malicious collision of two Word files is realized by using macro commands in Word.The framework extends the application scenario of hash function collision and provides new research ideas for the design and analysis of hash functions,which has the value of the practical application.
作者
李德刚
曾光
LI Degang;ZENG Guang(Information Engineering University,Zhengzhou 450001,China)
出处
《信息工程大学学报》
2024年第4期478-484,共7页
Journal of Information Engineering University
基金
数学工程与先进计算国家重点实验室开放课题(2020A08)。
关键词
哈希函数
碰撞应用
脚本文件
恶意哈希碰撞
Hash functions
collision applications
scripting files
malicious hash collision
