AKushWarrior / steel_crypt

A collection of high-level APIs exposing PointyCastle to perform hashing and encrypting in popular/secure algorithms.
https://pub.dev/packages/steel_crypt
Mozilla Public License 2.0

Password Hashing "Collisions" when using SHA-256/HMAC/PBKDF2 #12

Closed Inch4Tk closed 4 years ago

Inch4Tk commented 4 years ago

The following code using SHA-256/HMAC/PBKDF2 yielded colliding hashes when the input passwords differed by only one character (see example). I am no cryptography expert, but I suspect this is not correct behavior. No collisions happened after changing the algorithm (tested with scrypt, SHA-384/HMAC/PBKDF2, SHA-512/HMAC/PBKDF2, SHA-3/256/HMAC/PBKDF2).

Example Code:

import 'package:steel_crypt/steel_crypt.dart';

void main() {
  final passCrypt = PassCrypt("SHA-256/HMAC/PBKDF2");
  // One random salt, reused for every password so only the password varies.
  final String salt = CryptKey().genDart(16);
  final String pw1 = "12345";
  final String pw2 = "12344";
  final String pw3 = "12346";
  final String pw4 = "12445";
  final String pw5 = "12333";
  final String hashed1 = passCrypt.hashPass(salt, pw1);
  final String hashed2 = passCrypt.hashPass(salt, pw2);
  final String hashed3 = passCrypt.hashPass(salt, pw3);
  final String hashed4 = passCrypt.hashPass(salt, pw4);
  final String hashed5 = passCrypt.hashPass(salt, pw5);
  // Distinct passwords should print distinct hashes.
  print("salt $salt");
  print("hash1 $hashed1");
  print("hash2 $hashed2");
  print("hash3 $hashed3");
  print("hash4 $hashed4");
  print("hash5 $hashed5");
}

Outputs:

I/flutter (16996): salt nM6EwNuaWSptCcN6CHTgdw==
I/flutter (16996): hash1 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash2 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash3 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash4 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash5 ix0UCXAa7+uPYLNroeTZh7RinNq2Ou4GAns1FBVDddg=

The test was done on a physical Android device with Flutter. I did not test if this can be reproduced on another platform.

AKushWarrior commented 4 years ago

Yup, this is a security issue. I'll take a look to see if I can replicate it...

AKushWarrior commented 4 years ago

Update 1: I've done some tests. It appears this is an issue with SHA-256, not HMAC, as using normal SHA-256 also yields collisions. More updates coming...

AKushWarrior commented 4 years ago

Update 2: SHA-224 is also broken. The longer SHAs are fine (384, 512).

AKushWarrior commented 4 years ago

It took me a while, but I found the issue. Will publish an update later today.

AKushWarrior commented 4 years ago

Fixed on pub. Will publish to GitHub now.
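A regression check for the behaviour reported in this thread, as an added example that is not part of the issue or of steel_crypt: it groups the logged hashes from the report by digest to flag duplicates, then runs the same five passwords through Python's `hashlib` PBKDF2-HMAC-SHA256 as an independent reference. The iteration count and the base64-decoded salt are assumptions (the page does not state the library's parameters), so the reference digests are checked for distinctness only, not compared to the library's output.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Log lines copied from the issue report above.
PAGE_LOG = """\
I/flutter (16996): salt nM6EwNuaWSptCcN6CHTgdw==
I/flutter (16996): hash1 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash2 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash3 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash4 22z1TmXCU/RzTts93APisjhJJ+wWtHXP0CnD/PqVHYA=
I/flutter (16996): hash5 ix0UCXAa7+uPYLNroeTZh7RinNq2Ou4GAns1FBVDddg=
"""

# Passwords from the report, keyed by the label each one was printed under.
PASSWORDS = {"hash1": "12345", "hash2": "12344", "hash3": "12346",
             "hash4": "12445", "hash5": "12333"}

LINE = re.compile(r"^I/flutter \(\d+\): (\w+) (\S+)$")

def parse_log(text):
    """Return {label: value} for every 'label value' logcat line."""
    return {m.group(1): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def collision_groups(digests):
    """Return sorted groups of 'hash*' labels that share a byte-identical digest."""
    by_digest = defaultdict(list)
    for label, b64 in digests.items():
        if label.startswith("hash"):
            by_digest[base64.b64decode(b64)].append(label)
    return sorted(sorted(g) for g in by_digest.values() if len(g) > 1)

def reference_digests(salt_b64, iterations=10_000, length=32):
    """PBKDF2-HMAC-SHA256 via hashlib over the report's passwords.
    ASSUMPTION: iterations and salt decoding are illustrative, not steel_crypt's."""
    salt = base64.b64decode(salt_b64)
    return {label: base64.b64encode(hashlib.pbkdf2_hmac(
                "sha256", pw.encode(), salt, iterations, length)).decode()
            for label, pw in PASSWORDS.items()}

if __name__ == "__main__":
    logged = parse_log(PAGE_LOG)
    print("logged output:", collision_groups(logged))
    print("reference:    ", collision_groups(reference_digests(logged["salt"])))
```

A check like this, run against the hashes a library version actually produces, fails as soon as any two distinct passwords map to the same digest under one salt.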