29C3 - Version 1.9
| Speakers | |
|---|---|
|
djb |
|
Jean-Philippe Aumasson |
|
Martin Boßlet |
| Schedule | |
|---|---|
| Day | Day 3 - 2012-12-29 |
| Room | Saal 4 |
| Start time | 21:45 |
| Duration | 01:00 |
| Info | |
| ID | 5152 |
| Event type | Lecture |
| Language used for presentation | English |
| Feedback | |
|---|---|
|
Did you attend this event? Give Feedback |
Hash-flooding DoS reloaded: attacks and defenses
At 28C3, Klink and Waelde showed that a number of technologies (PHP, ASP.NET, Ruby, Java, Python, etc.) were vulnerable to the decade-old hash-flooding DoS attacks. The vulnerability was then often fixed by adopting stronger hash functions and "randomizing" them.
We show that it's not enough, at least for systems relying on "MurmurHash" or on Google's "CityHash64", by presenting powerful "universal multicollision" attacks for those functions. We will present demos showing how to exploit these attacks to DoS a Ruby on Rails application, as well as the latest Java OpenJDK7. We also describe a vulnerability of Python's new randomized hash, allowing an attacker to easily recover the 128-bit secret seed. As a reliable fix to hash-flooding, we introduce SipHash, a family of cryptographically strong keyed hash function competitive in performance with the weak hashes, and already adopted in OpenDNS, Perl 5, Ruby, and in the Rust language.