Use prefixes in Swift hashing to reduce exposure to collision attacks
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Wishlist
|
David Hadas |
Bug Description
Swift uses a suffix to avoid collision attacks. See https:/
Yet, an attacker does not need to know the secret suffix in order to mount a collision attack. Further, the secret suffix adds nothing to protect Swift against the attack. Once two prefixes (ending with a common suffix) collide, any additional suffix that will be added by Swift would still collide… hence the attacker need not worry about the secret ;)
Further such an attack can be made with just 64 characters.
To date, MD5 is known to be vulnerable to an attack if no prefix is applied or if the prefix of the two aliases is known to the attacker. There is no known attack on an MD5 using a secret prefix (TBD reconfirm), hence Swift needs to be enhanced with an MD5 hash prefix allowing new installations to be protected against collision attacks.
I would create a patch to add a secret prefix in the hope to get this fixed for new installations using 1.8
Later, we need to consider additional measures.
Changed in swift: | |
milestone: | none → 1.8.0-rc2 |
Changed in swift: | |
milestone: | 1.8.0-rc2 → 1.8.0 |
Fix proposed to branch: master /review. openstack. org/24858
Review: https:/