ossec-hids icon indicating copy to clipboard operation
ossec-hids copied to clipboard

Published 20 hours ago verified publisher icon ossec

File integrity checks use broken hash functions

Open tad-w opened this issue 7 years ago • 10 comments

OSSEC file integrity checks use MD5 and SHA-1, which have both been broken in practice, e.g. https://shattered.io/.

Since OSSEC uses both algorithms, I'm not sure it's vulnerable to collisions today. However, there's existing literature about multicollision complexity in Merkle-Damgard hashes, and in a few years OSSEC file integrity checks might be susceptible to collision attacks.

Upgrading to SHA-2 and SHA-3 hashes seems like a reasonable solution.

Some links about the complexity of multicollisions in iterated functions: http://www.springerlink.com/index/DWWVMQJU0N0A3UGJ.pdf https://crypto.stackexchange.com/questions/36988/how-hard-is-it-to-generate-a-simultaneous-md5-and-sha1-collision (outlines above) https://www.schneier.com/academic/paperfiles/paper-preimages.pdf (contains an improved method)

tad-w avatar May 19 '17 21:05 tad-w

That is an issue we've been looking at. I kind of want to keep md5 and add sha256. A lot of hashes for indicators are one of those 2.

ddpbsd avatar May 19 '17 22:05 ddpbsd

Is there another forum for following this issue?

Can you explain the motivation for keeping md5? Since that's the weakest of the aforementioned hashes, I'm surprised that's not the first to go.

tad-w avatar May 22 '17 14:05 tad-w

Id say more for backwards compatibility with 3rd party integrations out there. We'll keep md5 in there to not break those things, but rely on sha256 for the future FIM updates

atomicturtle avatar Jun 21 '17 16:06 atomicturtle

I'd like to work on this issue if no one else is already assigned to it. Can you explain if its suggested to add a library directly by importing it or to add the source code of SHA256? Any other references to refer for working on this issue? @atomicturtle @ddpbsd

sudeepb02 avatar Mar 27 '18 07:03 sudeepb02

@sudeepb02 Please look at pull request #1381. I've added sha256. It's still young and rough around the edges, and could use some more eyes and testers.

ddpbsd avatar Mar 27 '18 12:03 ddpbsd

@ddpbsd Are there any plans on merging this?

erhan- avatar Apr 29 '19 11:04 erhan-

@erhan- There hasn't been a lot of testing, other than what I've done. And it looks like there are currently some conflicts in the PR. I'll look into the conflicts, but I'm not sure what else I can do.

ddpbsd avatar Apr 29 '19 12:04 ddpbsd

Am I missing something or why is this issue closed? Is this already implemented? I tried check_sha256sum="yes" but it does not work. Wazuh seems to have it implemented. Is this not applied upstream to ossec as well?

Edit: I think this is very important for a security tool! This should stay open! Can we open this please @atomicturtle ? :)

erhan- avatar Feb 02 '21 10:02 erhan-

@erhan- No one has done the work to backport it from Wazuh to OSSEC. I had started updating the hashes using libsodium, but there wasn't much interest.

ddpbsd avatar Feb 02 '21 13:02 ddpbsd

Thanks for reopening it! I understand that this is not an easy job but in my opinion it is important not to use weak hash functions at all.

erhan- avatar Feb 04 '21 19:02 erhan-