ossec-hids
ossec-hids copied to clipboard
File integrity checks use broken hash functions
OSSEC file integrity checks use MD5 and SHA-1, which have both been broken in practice, e.g. https://shattered.io/.
Since OSSEC uses both algorithms, I'm not sure it's vulnerable to collisions today. However, there's existing literature about multicollision complexity in Merkle-Damgard hashes, and in a few years OSSEC file integrity checks might be susceptible to collision attacks.
Upgrading to SHA-2 and SHA-3 hashes seems like a reasonable solution.
Some links about the complexity of multicollisions in iterated functions: http://www.springerlink.com/index/DWWVMQJU0N0A3UGJ.pdf https://crypto.stackexchange.com/questions/36988/how-hard-is-it-to-generate-a-simultaneous-md5-and-sha1-collision (outlines above) https://www.schneier.com/academic/paperfiles/paper-preimages.pdf (contains an improved method)
That is an issue we've been looking at. I kind of want to keep md5 and add sha256. A lot of hashes for indicators are one of those 2.
Is there another forum for following this issue?
Can you explain the motivation for keeping md5? Since that's the weakest of the aforementioned hashes, I'm surprised that's not the first to go.
Id say more for backwards compatibility with 3rd party integrations out there. We'll keep md5 in there to not break those things, but rely on sha256 for the future FIM updates
I'd like to work on this issue if no one else is already assigned to it. Can you explain if its suggested to add a library directly by importing it or to add the source code of SHA256? Any other references to refer for working on this issue? @atomicturtle @ddpbsd
@sudeepb02 Please look at pull request #1381. I've added sha256. It's still young and rough around the edges, and could use some more eyes and testers.
@ddpbsd Are there any plans on merging this?
@erhan- There hasn't been a lot of testing, other than what I've done. And it looks like there are currently some conflicts in the PR. I'll look into the conflicts, but I'm not sure what else I can do.
Am I missing something or why is this issue closed? Is this already implemented? I tried check_sha256sum="yes" but it does not work. Wazuh seems to have it implemented. Is this not applied upstream to ossec as well?
Edit: I think this is very important for a security tool! This should stay open! Can we open this please @atomicturtle ? :)
@erhan- No one has done the work to backport it from Wazuh to OSSEC. I had started updating the hashes using libsodium, but there wasn't much interest.
Thanks for reopening it! I understand that this is not an easy job but in my opinion it is important not to use weak hash functions at all.