The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques.
This weakness is especially dangerous when the hash is used in security algorithms that require the one-way property to hold. For example, if an authentication system takes an incoming password and generates a hash, then compares the hash to another hash that it has stored in its authentication database, then the ability to create a collision could allow an attacker to provide an alternate password that produces the same target hash, bypassing authentication.
Time of Introduction
Architecture and Design
Technical Impact: Bypass protection
In both of these examples, a user is logged in if their given
password matches a stored password:
Hard-coded hashed values for username and password
contained in client-side script, allowing brute-force offline
Phase: Architecture and Design
Use an adaptive hash function that can be configured to change the
amount of computational effort needed to compute the hash, such as the
number of iterations ("stretching") or the amount of memory required.
Some hash functions perform salting automatically. These functions can
significantly increase the overhead for a brute force attack compared to
intentionally-fast functions such as MD5. For example, rainbow table
attacks can become infeasible due to the high computing overhead.
Finally, since computing power gets faster and cheaper over time, the
technique can be reconfigured to increase the workload without forcing
an entire replacement of the algorithm in use.
Some hash functions that have one or more of these desired properties include bcrypt [R.328.1], scrypt [R.328.2], and PBKDF2 [R.328.3]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
Note that using these functions can have an impact on performance, so
they require special consideration to avoid denial-of-service attacks.
However, their configurability provides finer control over how much CPU
and memory is used, so it could be adjusted to suit the environment's