Exam SY0-601 topic 1 question 310 discussion

It's a cryptographic attack. The content is different, but the hashes match which is why the integrity check can't be validated. From Professor Messer: In a birthday attack, attacker will generate multiple versions of plaintext to match the hashes.

A collision attack involves finding two different inputs that produce the same hash value. In the context of this question, the attacker has likely found a way to generate a modified document that produces the same hash value as the original document, allowing them to replace the original document with the modified version without invalidating the digital signature. This manipulation goes unnoticed since the modified document appears to have the same integrity as the original, but with additional verbiage added. It's important to note that collision attacks are rare and usually require significant computational resources and expertise to execute successfully. However, when they occur, they can undermine the integrity and trustworthiness of digital signatures and cryptographic systems.

Google Says "Hash substitution is a malicious action that involves replacing the contents of a file with altered or malicious content while keeping the same hash value. This can allow an attacker to modify a document without invalidating the digital signature, which is often based on the hash of the signed content" I say its B

I would say B. Hash substitution because collision is "a random match in hash values that occurs when a hashing algorithm produces the same hash value for two distinct pieces of data." ACTUALLY, after researching some more to make my argument for hash substitution, I really couldn't find much. Everything points to hash collision. In fact, the only place that myself or Google's Gemini could find mentioning Hash substitution was this site. So while I don't particularly agree with collision, I cannot truly verify what hash substitution really is... idk I just hope I dont get this question on my exam lol

B or C, this is a terrible question.

Based on the author not being able to validate an integrity issue. I would go with hash substitution. If he was able to validate integrity and there are still changes to document then we can say that the two hashes are the same thus collision

No hashing at play. Other dont make sense. So it C

Hash substitution involves replacing the original content of a file with malicious or altered content while maintaining the same hash value. Since digital signatures are often based on hashes of the signed content, if an attacker can substitute the document with a different version that has the same hash value, the digital signature may still appear valid. This allows the attacker to modify the document without invalidating the digital signature, potentially leading to unauthorized changes going unnoticed.

Answer B. Hash substitution.

B. Hash Substitution While Hash "Collisions" can happen by accident when an attacker is able to find an input that produces the same hash value (checksum) to produce an entirely different file or document would cause an Integrity issue because than there would be two separate files with the same hash value. The question says the author was not able to validate an integrity issue which mean it is a modified document that was substituted with the same hash. This allows it to go unnoticed and without any integrity issues.

B is correct not c it’s in the Jason dion questions and the mike meters questions.

"Hash substitution" is NOT a recognized term in the context of cybersecurity or cryptographic attacks

No such thing as collision attack

B. Hash substitution: The described scenario is consistent with a hash substitution attack. In this type of attack, an attacker replaces a file with a different version that has the same hash value as the original. Since digital signatures are often based on the hash of the document, if the hash remains unchanged, the digital signature may still appear valid. Collision: A collision in the context of hash functions occurs when two different inputs produce the same hash output. Collisions can happen unintentionally due to the nature of hash functions, but they are not created with a specific malicious intent. Cryptographic hash functions are designed to minimize the likelihood of collisions. Hash Substitution: Hash substitution, on the other hand, is typically a deliberate and malicious act. It involves replacing a file with a different version that has the same hash value as the original. This can be done with the intention of evading detection, especially in scenarios where digital signatures or integrity checks are based on the hash value.

Hash Substitution is the correct answer. B. Hash substitution In a hash substitution attack, an attacker modifies the content of a file while keeping the same hash value (checksum). This allows them to replace a legitimate file with a malicious or modified version without changing the hash value, making it appear as if the file has not been tampered with. In the given scenario, the attacker replaced a digitally signed document with another version that went unnoticed by the author, indicating a hash substitution attack where the hash value remained the same despite the content alteration. As such, B is the right choice.

I strongly believe it is B hash sub. And there is no mention of the “hash remained the same”! One more thing, never make assumptions with Comptia.

Hash substitution since the attacker replaces the original file with a fake. For nonrepudiation purposes it's common to create a unique hash like for the chain of custody. Since we know a fake was used in place of the original, we know the hash must have been substituted