
Just to be clear, this is purely hypothetical.

Yesterday I got hit in the head with some bricks and, in the haze of concussions, discovered a perfect preimage attack on SHA2. For any given hash, I can immediately find some value that hashes to it. I want to disclose this responsibly.

Since this is an algorithm and not a program, there's nobody who can patch it in some grace period. And since it's a widespread algorithm, I can't just contact a few people and tell them to switch to another hash function. What should I do?

Hovercouch

  • Not again this kind of question :(. If you are such a great cryptographer that you are able to break SHA-2 then you should know fellow researchers working in this field, contact these and discuss the issue. If you don't know any of these then first study current research in the field and see if you are able to understand current attacks. If you are then able to replicate your finding in the same quality as other researchers then you should also be able to get the contact information of these researchers from their papers and ask for peer reviewing your findings. – Steffen Ullrich Mar 24 '18 at 05:56
  • I know OP prefaced the scenario as a hypothetical one, but @SteffenUllrich's point is worth echoing. Some barista who does sudoku puzzles in their spare time probably isn't going to find a solution to the discrete logarithm problem. It's going to be a person or team of professional cryptographers/mathematicians. The answer to the question "What now?" will come from professionals--it'll come from the top down, not the bottom up. –  Mar 24 '18 at 06:16
  • Of course not! I just think it's a fascinating scenario that most of the stuff I've read on responsible disclosure doesn't really address: what happens when somebody finds an attack that immediately and _totally_ wrecks a major algorithm. And unlike something like P=NP, the researcher/barista/brickthrower can immediately demonstrate they're not a crackpot by providing something that hashes to aaaaaaaaaa... – Hovercouch Mar 24 '18 at 07:35

1 Answer

The grace period is proportional to the complexity and time it would take to remedy the vulnerability. For example, take this thread on reporting a security vulnerability about a trusted certificate authority, a pretty serious problem with far-reaching consequences. One poster explains the reporting protocol well:

The rules of responsible disclosure, as described here, say that you should contact the vendor and negotiate a period of time - between 1 week and 6 months, depending on the depth of the changes required - in which they can implement a patch, revoke and re-issue certificates, publish security bulletins, etc, before you go public with your findings. The intention is that at the end of the negotiated period you get your public recognition, but your going public can't do any more harm - if the vendor has done their job properly.

I imagine, in your scenario, that the vulnerable vendor would (hopefully) relay the information to others. You could also contact CERT, which is trusted and has experience in dealing with such matters on a large scale. In a similar thread to the one I linked above, there's this:

You should let the developer(s) know privately so that they have a chance to fix it. After that, if and when you go public with the vulnerability, you should allow the developer enough time to fix the problem and whoever is exposed to it enough time to upgrade their systems. Personally, I would allow the developer to make the announcement in a security bulletin in most cases rather than announcing it myself.

We can probably agree that it would be a bad idea to go public immediately, because that would leave the door open for exploitation. So privately notifying them is the best way to go. In the meantime, they would probably fix it, upgrade, or switch to something else. What other reasonable options are there?

Finally, there are real-world cases of cryptographic vulnerabilities, and those algorithms were widely used. One example is Dual_EC_DRBG, an elliptic curve based algorithm, which was used for quite some time before being revoked due to security issues. I got schooled on it in this thread.