A collision is a vulnerability in hashing algorithms where two different values produce the same hash value. Hashing algorithms are one-way functions used to scramble data, making it unreadable to a third party. Collisions occur when two different plaintext values produce the same hashed value. When two values create the same hash, the hashing algorithm is no longer cryptographically secure since multiple values could give access to data.

Data integrity is also at risk with hashing collisions. Using a simple example, suppose that the words “leave” and “stay” both produced the same hash value. Stored data now contains the same hash value with two different meanings. Even a small change in the source data should produce a different hash, so collisions destroy data integrity and bypass any kind of tampering detection.
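The following added example (not part of the original page) shows how a collision defeats a tamper check. It assumes a toy weak hash, SHA-256 truncated to 24 bits, and the function names and messages are constructed for illustration.

```python
import hashlib
import hmac
from itertools import count


def weak_digest(data: bytes, bits: int = 24) -> str:
    """Toy weak hash (assumption for this demo): SHA-256 cut down to `bits` bits."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return f"{full >> (256 - bits):0{bits // 4}x}"


def strong_digest(data: bytes) -> str:
    """Full-length SHA-256 digest, used as the comparison point."""
    return hashlib.sha256(data).hexdigest()


def find_collision(bits: int = 24):
    """Birthday search: record each digest until two different messages share one."""
    seen = {}
    for i in count():
        msg = f"constructed message #{i}".encode()
        digest = weak_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, digest
        seen[digest] = msg


def integrity_ok(data: bytes, expected: str, digest_fn) -> bool:
    """Tamper check: recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest_fn(data), expected)


if __name__ == "__main__":
    original, substitute, shared = find_collision()
    print("original  :", original)
    print("substitute:", substitute)
    print("shared 24-bit digest:", shared)
    # The weak check accepts the substituted message as if it were the original.
    print("weak check passes  :", integrity_ok(substitute, weak_digest(original), weak_digest))
    # The full-length digest still tells the two messages apart.
    print("strong check passes:", integrity_ok(substitute, strong_digest(original), strong_digest))
```

A 24-bit digest collides after only a few thousand messages, while the same search against the full 256-bit digest is computationally infeasible.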

Hashing is used when storing passwords, but it’s also used in checksums to detect file changes, in digital signatures, and to validate that data has not been tampered with when it passes from one location to another. Digital signatures used in email messages verify that the message was not tampered with by comparing the hashed value of a received message with the hashed value contained in the message. Just one character change is enough to alter the hashed value, which would then not match the digital signature in the message. This system ensures that the message received contains the same data the sender sent, without tampering as the message travels from the sender to the recipient.

Hashes can be brute-forced using dictionary attacks. In a brute-force dictionary attack, scripts iterate through numerous dictionary terms and known passwords and hash them using the same algorithm as the stolen password hashes. When the same hash is produced from a dictionary term, the attacker now knows a user’s password or the data behind the hash. In a collision, the original data produces the same hash as a value found by the brute-force attack. The attacker could then tamper with the data without the data recipient's knowledge.

To avoid collisions, administrators responsible for hashing communications and password storage should use the most recent version of a cryptographic hashing algorithm. Deprecated hashing algorithms are vulnerable to collisions. While it might not seem like a serious vulnerability, it leaves communication open to potential tampering and leaves passwords open to compromise. Passwords hashed with a deprecated algorithm could leave the account vulnerable to dictionary attacks when other values can be used to produce the same hash as the original password value.

Most data administrators work with salts for password hashes, which means that an additional value is appended to a password before it is hashed and stored. Should an attacker steal stored password hashes, they would not be vulnerable to collisions without the salt value. Although this is better for security, users should always change their passwords when hashes are compromised and stolen. Administrators should consider databases containing hashed passwords as highly sensitive targets, and they should ensure that the database is fully protected and its defenses are penetration tested to avoid exposing password hashes to an attacker.

Susan Morrow

How Can TitanHQ Help?

TitanHQ offers various solutions to protect against brute force attacks:

  • Email Security Solution: Protects communications by filtering malicious content, reducing the risk of collision-related exploits in email-based attacks.
  • Email Encryption: Ensures the confidentiality of email communication by encrypting messages and attachments.
  • Web Security Solution: Prevents access to malicious websites where cryptographic vulnerabilities, including collision attacks, could be exploited.
  • Security Awareness Training Solution: Educates users on identifying phishing tactics aimed at stealing credentials or exploiting collision vulnerabilities.
