Introduction
The OWASP Top Ten list provides in-depth information about the most common security issues facing web applications. Number two on the list is A02:2021 – Cryptographic Failures, which covers a wide range of common mistakes.
Included in the list of CWEs related to this vulnerability is CWE 328, Use of Weak Hash. Hash algorithms are commonly used to protect data integrity, and the use of a weak or broken hash algorithm undermines these protections.
How Hash Functions Work
Hash functions are used to protect data integrity in a wide range of applications. Password storage best practices involve storing hashed passwords rather than the credentials themselves. Hash functions are also crucial to digital signatures and the integrity of the blockchain’s digital ledger.
Unlike other cryptographic algorithms, hash functions do not use a secret key to obfuscate data. Instead, the data is processed using an algorithm that contains a “trapdoor function”. This trapdoor function is designed to be easy to perform but computationally infeasible to reverse.
Hash functions are deterministic functions, meaning that hashing the same input multiple times will always produce the same result. Cryptographic hash functions are also collision-resistant, meaning that it is infeasible to identify two inputs to a hash function that produce the same output. While many potential collisions exist — an infinite number of inputs are mapped to a finite number of outputs — hash functions are specifically designed to make them difficult to find.
Hash function collision resistance makes it valuable for integrity protection. If two inputs hash to the same hash value, then the two inputs are likely identical. For password storage, this means that a computer can store a hash of a user’s password and then validate future login attempts by comparing the stored hash and the hash of a submitted password rather than storing password information on a server where it could potentially be exposed or abused.
Where Hashing Goes Wrong
Hash functions are useful as long as they remain collision resistant. Some of the ways that hash functions’ benefits can be negated by misuse include:
- Use of a Weak Hash Algorithm: Hash functions generate outputs of a fixed length, which defines the number of potential inputs that an attacker needs to search to find a collision. If this output length becomes too short or the hash contains exploitable flaws, then the hash is no longer secure. MD5 and SHA1 are examples of hash functions with inadequate output lengths that are no longer fit for use.
- Unsalted Password Hashing: Hash functions are deterministic, so hashing the same password produces the same hash, which presents problems for password reuse. Password security best practices mandate that all hash passwords should use a salt (a small, unique value) to ensure that identical passwords hash to different values. Failure to salt passwords makes them more vulnerable to attack if hashes are compromised in a data breach.
- Salt Reuse When Hashing: Password storage best practices mandate the use of unique salts for each stored password to ensure that different passwords produce different hashes and to prevent use of rainbow tables. Use of the same salt for all stored passwords largely negates the value of the salt because an attacker can still identify duplicate passwords for different user accounts.
Case Study: EnroCrypt
EnroCrypt is an encryption and hashing module for Python. In 2021, CVE-2021-39182 disclosed that the library supported the use of insecure hash algorithms.
The EnroCrypt library included several hash functions as options in its hashing.py file. Among these was the MD5 hash algorithm, which has been considered vulnerable since 2005. Python developers who used the EnroCrypt library and were unaware of MD5’s weaknesses may have included it in their code.
Using Hash Functions Securely
Hash functions are a commonly misunderstood cryptographic algorithm because they are irreversible functions used for integrity protection (not data confidentiality) and do not use secret keys. Some best practices for the secure use of hash functions include:
- Use a strong hash algorithm such as SHA-256
- Use a trusted library implementation of cryptographic code
- Salt hashed passwords using a unique salt for each password
Up Next
To help build understanding of how cryptography can go wrong and how to fix it, we’ll continue to dive deep into prevention measures and most of the 29 CWEs related to OWASP’s A02:2021 – Cryptographic Failures vulnerability in a series of blogs. Each blog will describe the weakness, why it happens, a real-world case study, and recommended mitigations.
We’re very committed to improving the state of cryptography and data security by sharing knowledge and helping to correct common misconceptions about how cryptography works and how to use it properly. To keep up with this series and our other research and cryptography content, make sure to subscribe to our blog in the page footer below.
FAQs
Weak hashing algorithms are those that have been proven to be of high risk, or even completely broken, and thus are not fit for use.
What is the weakest hash function? ›
The worst hash function is one that returns a constant value. I.e. all objects of that type have the same hash value, resulting in tons of collisions.
Which OWASP top 10 category is CWE 328 Reversible One Way hash mapped to? ›
The OWASP Top Ten list provides in-depth information about the most common security issues facing web applications. Number two on the list is A02:2021 – Cryptographic Failures, which covers a wide range of common mistakes. Included in the list of CWEs related to this vulnerability is CWE 328, Use of Weak Hash.
Is SHA-1 a weak hash function? ›
SHA1 : Secure Hash Algorithm 1 (SHA1) was designed by the NSA. Like MD5, SHA1 is vulnerable to collision attacks. By 2005 SHA1 was considered insecure, in 2011 the National Institute of Standards and Technology (NIST) formally deprecated it.
Is SHA-256 a weak hashing algorithm? ›
Many consider SHA-256 to be one of the most secure hashing algorithms today. This is because it's great at preventing values from being reversed back to the original content.
Is MD5 a weak hash? ›
Weak security: MD5 produces a fixed-sized 128-bit hash value, which is significantly shorter than modern secure hash functions like SHA-256 or SHA-3. A shorter hash length reduces the resistance against brute-force and collision attacks, increasing the risk of an attacker successfully compromising the data.
What is an example of a bad hash function? ›
A lot of obvious hash function choices are bad. For example, if we're mapping names to phone numbers, then hashing each name to its length would be a very poor function, as would a hash function that used only the first name, or only the last name. We want our hash function to use all of the information in the key.
What is the most famous hash function? ›
The MD5 algorithm, defined in RFC 1321, is probably the most well-known and widely used hash function. It is the fastest of all the . NET hashing algorithms, but it uses a smaller 128-bit hash value, making it the most vulnerable to attack over the long term.
What are the two basic attacks against a hash function? ›
Pre-image attack: In contrast to a collision attack, in a pre-image attack the hash value is specified. Birthday attack: The birthday attack is based on the birthday paradox, i.e., the probability that in a set of n randomly chosen people, some pair of them will have the same birthday.
What are the risks of weak encryption? ›
Weak cryptography can enable attackers to decrypt the intercepted data, modify it, and re-encrypt it before forwarding it to the intended recipient. This can lead to unauthorized access, data manipulation, or the injection of malicious content.
The OWASP Top Ten covers more general concepts and is focused on Web applications. The CWE Top 25 covers a broader range of issues than what arises from the Web-centric view of the OWASP Top Ten, such as buffer overflows.
What is the use of weak algorithm? ›
Using broken or weak cryptographic algorithms can leave data vulnerable to being decrypted or forged by an attacker. Many cryptographic algorithms provided by cryptography libraries are known to be weak, or flawed. Using such an algorithm means that encrypted or hashed data is less secure than it appears to be.
Why is SHA256 more secure than SHA-1? ›
Regarding SHA-1 and SHA-256, their output hash length, vulnerability to brute force attacks, and overall security are the core differences. SHA-256 is newer and more secure, with a 256-bit hash length as opposed to SHA-1's 160-bit length. This difference translates directly into a higher level of security for SHA-256.
Can you reverse SHA-1? ›
You can't. By definition, a hash function is any function that takes a variable length input and produces a fixed length output. Cryptographic hash function such as SHA-1 and MD5 are just hash functions that meet certain cryptographic criteria.
Why is SHA-2 better than SHA-1? ›
SHA-1 offers weak security as it sometimes gives the same digest for two different data values, owing to its limited bit-length and therefore possible hash combinations, while SHA-2 produces a unique digest for every data value as a large number of combinations are possible in it (2^256 possible combinations for a 256- ...
What are the weaknesses of hashing? ›
Collision Risk: Collisions occur when two different inputs produce the same hash value. While good hash functions aim to minimize collisions, they are still possible. Collisions can have security implications and impact the efficiency of hash tables.
What are the three types of hashing? ›
Understanding Three Types of Hashing. In the realm of data security and integrity, understanding the intricacies of Three Types of hashing - MD5, SHA-2 , and CRC32 - is paramount. Each algorithm serves a distinct purpose in safeguarding digital assets and ensuring the authenticity of information.
What is the difference between weak and strong collision in hashing? ›
Second Preimage Resistance (Weak Col. Res.): It is computationally infeasible to find any second input which has the same output as any specified input. Collision Resistance (Strong Col. Res.): It is computationally infeasible to find any two distinct inputs which hash to the same output.
What makes a bad hash function? ›
One of the key properties of a good hash function is that it should produce unique hash values for different input data. However, bad hash functions can produce collisions, where different input data produces the same hash value.
