HashClash

Last updated
HashClash
Operating system cross-platform
Platform BOINC
Website web.archive.org/web/20071016235617/http://boinc.banaan.org:80/hashclash/

HashClash was a volunteer computing project running on the Berkeley Open Infrastructure for Network Computing (BOINC) software platform to find collisions in the MD5 hash algorithm. [1] It was based at Department of Mathematics and Computer Science at the Eindhoven University of Technology, and Marc Stevens initiated the project as part of his master's degree thesis.

Contents

The project ended after Stevens defended his M.Sc. thesis in June 2007. [2] However, SHA1 was added later, and the code repository was ported to git in 2017. [3]

The project was used to create a rogue certificate authority certificate in 2009. [4]

See also

Related Research Articles

The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321.

In cryptography, SHA-1 is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard. The algorithm has been cryptographically broken but is still widely used.

Grid computing is the use of widely distributed computer resources to reach a common goal. A computing grid can be thought of as a distributed system with non-interactive workloads that involve many files. Grid computing is distinguished from conventional high-performance computing systems such as cluster computing in that grid computers have each node set to perform a different task/application. Grid computers also tend to be more heterogeneous and geographically dispersed than cluster computers. Although a single grid can be dedicated to a particular application, commonly a grid is used for a variety of purposes. Grids are often constructed with general-purpose grid middleware software libraries. Grid sizes can be quite large.

<span class="mw-page-title-main">Berkeley Open Infrastructure for Network Computing</span> Open source middleware system for volunteer and grid computing

The Berkeley Open Infrastructure for Network Computing is an open-source middleware system for volunteer computing. Developed originally to support SETI@home, it became the platform for many other applications in areas as diverse as medicine, molecular biology, mathematics, linguistics, climatology, environmental science, and astrophysics, among others. The purpose of BOINC is to enable researchers to utilize processing resources of personal computers and other devices around the world.

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack where a specific target hash value is specified.

<span class="mw-page-title-main">Predictor@home</span> BOINC based volunteer computing project to predict protein structure

Predictor@home was a volunteer computing project that used BOINC software to predict protein structure from protein sequence in the context of the 6th biannual CASP, or Critical Assessment of Techniques for Protein Structure Prediction. A major goal of the project was the testing and evaluating of new algorithms to predict both known and unknown protein structures.

<span class="mw-page-title-main">LHC@home</span> Volunteer computing project researching particle simulations for LHC development

LHC@home is a volunteer computing project researching particle physics that uses the Berkeley Open Infrastructure for Network Computing (BOINC) platform. The project's computing power is utilized by physicists at CERN in support of the Large Hadron Collider and other experimental particle accelerators.

<span class="mw-page-title-main">David P. Anderson</span> American research scientist (born 1955)

David Pope Anderson is an American research scientist at the Space Sciences Laboratory, at the University of California, Berkeley, and an adjunct professor of computer science at the University of Houston. Anderson leads the SETI@home, BOINC, Bossa, and Bolt software projects.

SZTAKI Desktop Grid (SzDG) was a BOINC project located in Hungary run by the Computer and Automation Research Institute (SZTAKI) of the Hungarian Academy of Sciences. It closed on June 21, 2018.

<span class="mw-page-title-main">SETI@home beta</span> BOINC based volunteer computing project supporting SETI@home development

SETI@home beta, is a hibernating volunteer computing project using the Berkeley Open Infrastructure for Network Computing (BOINC) platform, as a test environment for future SETI@home projects:

<span class="mw-page-title-main">BOINC client–server technology</span> BOINC volunteer computing client–server structure

BOINC client–server technology refers to the model under which BOINC works. The BOINC framework consists of two layers which operate under the client–server architecture. Once the BOINC software is installed in a machine, the server starts sending tasks to the client. The operations are performed client-side and the results are uploaded to the server-side.

<span class="mw-page-title-main">Volunteer computing</span> System where users donate computer resources to contribute to research

Volunteer computing is a type of distributed computing in which people donate their computers' unused resources to a research-oriented project, and sometimes in exchange for credit points. The fundamental idea behind it is that a modern desktop computer is sufficiently powerful to perform billions of operations a second, but for most users only between 10–15% of its capacity is used. Common tasks such as word processing or web browsing leave the computer mostly idle.

<span class="mw-page-title-main">Alexander Sotirov</span>

Alexander Sotirov is a computer security researcher. He has been employed by Determina and VMware. In 2012, Sotirov co-founded New York based Trail of Bits with Dino Dai Zovi and Dan Guido, where he currently serves as co-CEO.

<span class="mw-page-title-main">POEM@Home</span> BOINC based volunteer computing project

POEM@Home was a volunteer computing project hosted by the Karlsruhe Institute of Technology and running on the Berkeley Open Infrastructure for Network Computing (BOINC) software platform. It modeled protein folding using Anfinsen's dogma. POEM@Home was started in 2007 and, due to advances using GPUs that rendered the BOINC program redundant, concluded in October 2016. The POEM@home applications were proprietary.

<span class="mw-page-title-main">GPUGRID.net</span> BOINC based volunteer computing project researching molecular biology simulations

GPUGRID is a volunteer computing project hosted by Pompeu Fabra University and running on the Berkeley Open Infrastructure for Network Computing (BOINC) software platform. It performs full-atom molecular biology simulations that are designed to run on Nvidia's CUDA-compatible graphics processing units.

<span class="mw-page-title-main">DistrRTgen</span> BOINC based volunteer computing project

Distributed Free Rainbow Tables was a volunteer computing project for making rainbow tables for password cracking. By using the Berkeley Open Infrastructure for Network Computing (BOINC) software platform, DistrRTgen was able to generate rainbow tables that are able to crack long passwords. DistrRtgen was used to generate LM, NTLM, MD5 and MYSQLSHA1 rainbow tables.

theSkyNet A volunteer computing research project that used BOINC to carry out research in astronomy

theSkyNet was a research project that used volunteer Internet-connected computers to carry out research in astronomy. It was an initiative of the International Centre for Radio Astronomy Research (ICRAR), a joint venture of Curtin University and the University of Western Australia. theSkyNet had two projects, Sourcefinder and POGS. Both projects have been completed. theSkyNet Sourcefinder aimed to test and refine automatic radio sourcefinding algorithms in preparation for radio galaxy surveys using the Australian Square Kilometre Array Pathfinder and the Square Kilometre Array. theSkyNet POGS used Spectral Energy Distribution fitting to calculate characteristics of many galaxies using images taken by the Pan-STARRS PS1 optical telescope in Hawaii.

<span class="mw-page-title-main">Gridcoin</span> Cryptocurrency rewarding work on BOINC

Gridcoin is an open source cryptocurrency which securely rewards volunteer computing performed on the BOINC network. Originally developed to support SETI@home, it became the platform for many other applications in areas as diverse as medicine, molecular biology, mathematics, linguistics, climatology, environmental science, and astrophysics.

Dr. ir. Marc Stevens is a cryptology researcher most known for his work on cryptographic hash collisions and for the creation of the chosen-prefix hash collision tool HashClash as part of his master's degree thesis. He first gained international attention for his work with Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger in creating a rogue SSL certificate which was presented in 2008 during the 25th annual Chaos Communication Congress warning of the dangers of using the MD5 hash function in issuing SSL certificates. Several years later in 2012, according to Microsoft, the authors of the Flame malware used similar methodology to that which the researchers warned of by initiating an MD5 collision to forge a Windows code-signing certificate. Marc was most recently awarded the Google Security Privacy and Anti-abuse applied award. Google selected Stevens for this award in recognition of his work in Cryptanalysis, in particular related to the SHA-1 hash function.

References

  1. "HashClash". 2007-10-16. Archived from the original on 2007-10-16. Retrieved 2022-08-28.
  2. Stevens's thesis "On Collisions for MD5" is available for download Archived 2017-05-17 at the Wayback Machine .
  3. "Old-SVN-hashclash/Downloads at master · cr-marcstevens/Old-SVN-hashclash". GitHub . Archived from the original on 2022-09-05. Retrieved 2019-05-29.
  4. Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik and Benne de Weger, "Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate", August 2009.