Recent research results in the cryptography community have identified techniques that decrease the amount of processing required to find collisions in MD5 and SHA-1. Some links on this topic include:
These findings have raised questions about the use of MD5 and SHA-1 in the digital forensic community because MD5 and SHA-1 are frequently used to ensure that files have not changed and to identify known data. DFRWS agrees with the NIST NSRL group that these recent developments do not significantly affect the use of MD5 and SHA-1 in digital forensics and we agree with calls to research and develop new algorithms. Based on the recent results, researchers and vendors should be thinking about new methods for proving data integrity and future DFRWS conferences will hopefully have presentations and results on the topic.
However, while it is important to be proactive about developing new algorithms, it is also important to be proactive about knowing the true strength of MD5 and SHA-1. This is similar to testing the security of your servers or buildings using red teams before an attacker uses the same tactics.
Hashes are used during a digital investigation for a variety of purposes, including to verify that digital evidence has not been altered during or after it is forensically preserved. To test the impact of current and future attacks against MD5 and SHA-1, we are providing a standard disk image and its hash values. The "challenge," which was issued on May 24, 2006, is to try to modify the disk image such that it has the same MD5 and/or SHA-1 value and still has a valid file system structure. This disk image can serve as a type of barometer for the use of MD5 and SHA-1 in digital forensics. If the challenge is solved (and we are not convinced that it will be), then it will be clear that different techniques should be used to prove integrity.
Not all attacks on MD5 and SHA-1 are equivalent. In general, there are four basic scenarios for a modified disk image that has the same hash value and a valid file system:
Another set of scenarios would maintain both the same MD5 AND SHA-1. The impact of this challenge being solved will be based on which scenario occurs. For example, if the resulting image file is twice as large as the original then this could be detected by comparing the file size with the original disk. But, even that case does not mean that someone can change arbitrary data and possibly change the investigation results.
It should be stressed that our goal is not to support the "bad guys" and show that MD5 and SHA-1 are vulnerable. The opposite is true. We believe that the current attacks are not significant enough to cause immediate concern and we do not expect a modified version of the disk image to exist in the near future. Given an existing item of digital evidence, we believe that it is currently infeasible to alter the item slightly without changing the MD5 or to create a new item of similar evidence with the same MD5 hash. This disk image can be thought of as the canary in the mine that is used to warn digital forensic practitioners of future problems.
The disk image for this challenge comes from a previous DFRWS challenge. It is a floppy disk image that was used as part of the 2002 DFRWS Forensic Rodeo and was released to the public as the Honeynet Project's Scan 24. It contains a FAT file system with evidence about a crime (refer to the Honeynet page for the full details).
Disk Image (20 kb Zip): dfrws-hashchallenge.zip
The hash values of the raw image are as follows:
To submit a modified disk image file that has the same MD5 and/or SHA-1 values as the ones listed above and that has a valid FAT file system structure, send an e-mail to hashchallenge (at) dfrws (dot) org. Include the modified disk image or a link from where it can be downloaded. Also include a description of how the modifications were made and whether the modified disk image now contains different evidence or no evidence of a crime. There is no submission deadline for this challenge.
Further questions can be submitted to hashchallenge (at) dfrws (dot) org.