Exploring CWE-328 Use of a Weak Hash

Introduction

The OWASP Top Ten list provides in-depth information about the most common security issues facing web applications. Number two on the list is A02:2021 – Cryptographic Failures, which covers a wide range of common mistakes.

Included in the list of CWEs related to this vulnerability is CWE 328, Use of Weak Hash. Hash algorithms are commonly used to protect data integrity, and the use of a weak or broken hash algorithm undermines these protections.

How Hash Functions Work

Hash functions are used to protect data integrity in a wide range of applications. Password storage best practices involve storing hashed passwords rather than the credentials themselves. Hash functions are also crucial to digital signatures and the integrity of the blockchain’s digital ledger.

Unlike other cryptographic algorithms, hash functions do not use a secret key to obfuscate data. Instead, the data is processed using an algorithm that contains a “trapdoor function”. This trapdoor function is designed to be easy to perform but computationally infeasible to reverse.

Hash functions are deterministic functions, meaning that hashing the same input multiple times will always produce the same result. Cryptographic hash functions are also collision-resistant, meaning that it is infeasible to identify two inputs to a hash function that produce the same output. While many potential collisions exist — an infinite number of inputs are mapped to a finite number of outputs — hash functions are specifically designed to make them difficult to find.

Hash function collision resistance makes it valuable for integrity protection. If two inputs hash to the same hash value, then the two inputs are likely identical. For password storage, this means that a computer can store a hash of a user’s password and then validate future login attempts by comparing the stored hash and the hash of a submitted password rather than storing password information on a server where it could potentially be exposed or abused.

Where Hashing Goes Wrong

Hash functions are useful as long as they remain collision resistant. Some of the ways that hash functions’ benefits can be negated by misuse include:

• Use of a Weak Hash Algorithm: Hash functions generate outputs of a fixed length, which defines the number of potential inputs that an attacker needs to search to find a collision. If this output length becomes too short or the hash contains exploitable flaws, then the hash is no longer secure. MD5 and SHA1 are examples of hash functions with inadequate output lengths that are no longer fit for use.
• Unsalted Password Hashing: Hash functions are deterministic, so hashing the same password produces the same hash, which presents problems for password reuse. Password security best practices mandate that all hash passwords should use a salt (a small, unique value) to ensure that identical passwords hash to different values. Failure to salt passwords makes them more vulnerable to attack if hashes are compromised in a data breach.
• Salt Reuse When Hashing: Password storage best practices mandate the use of unique salts for each stored password to ensure that different passwords produce different hashes and to prevent use of rainbow tables. Use of the same salt for all stored passwords largely negates the value of the salt because an attacker can still identify duplicate passwords for different user accounts.

Case Study: EnroCrypt

EnroCrypt is an encryption and hashing module for Python. In 2021, CVE-2021-39182 disclosed that the library supported the use of insecure hash algorithms.

The EnroCrypt library included several hash functions as options in its hashing.py file. Among these was the MD5 hash algorithm, which has been considered vulnerable since 2005. Python developers who used the EnroCrypt library and were unaware of MD5’s weaknesses may have included it in their code.

Using Hash Functions Securely

Hash functions are a commonly misunderstood cryptographic algorithm because they are irreversible functions used for integrity protection (not data confidentiality) and do not use secret keys. Some best practices for the secure use of hash functions include:

• Use a strong hash algorithm such as SHA-256
• Use a trusted library implementation of cryptographic code
• Salt hashed passwords using a unique salt for each password

Up Next

To help build understanding of how cryptography can go wrong and how to fix it, we’ll continue to dive deep into prevention measures and most of the 29 CWEs related to OWASP’s A02:2021 – Cryptographic Failures vulnerability in a series of blogs. Each blog will describe the weakness, why it happens, a real-world case study, and recommended mitigations.

We’re very committed to improving the state of cryptography and data security by sharing knowledge and helping to correct common misconceptions about how cryptography works and how to use it properly. To keep up with this series and our other research and cryptography content, make sure to subscribe to our blog in the page footer below.