Bugtraq mailing list archives
Re: SHA-1 broken
From: <dullien () gmx de>
Date: Sat, 19 Feb 2005 09:41:36 -0800
Hey all,
And what about the case for (uncompressed) binary images ?
Base64-encode them before hashing. On top of that, let me sketch under what scenario a collision on binaries is relevant: Mallory generates a collision-byte-string, a and a'. In order to do anything evil she has to construct two innocent-looking executables containing thesestrings of which one has to be signed. She can then replace the "good" version with the "evil" version. So far the theory. Now how does the practical part of
it look ? Let's begin this by fixing one assumption:1) Whoever signs the executables is sane, e.g. will refuse to sign executables that he cannot analyze, e.g. stuff that depends on self-decrypting code etc. He will furthermore reject executables containing non-standard constructs (stuff that
a compiler won't emit, which is relatively easy to check). Claim: a and a' have to be valid, executable code in order for Mallory to be evil. Reasoning: If a and a' are merely data, the program containing themhas to interpret them, and as such have all the code (API calls etc) that is later-on used for evil deeds present in the executable (both the "good" and the "bad" one),
and a sane signer won't sign them.Now we have a really tight restriction on a and a', namely that it is valid, executable code does not contain anything a compiler wouldn't emit. Wow. Try generating a
collision with that :-)I am not trying to claim that the attacks aren't a major breakthrough, but unless
someone goes out produces better collisions or solves second preimage MD4 (or better), we need not be overly worried. Cheers,Thomas Dullien
Current thread:
- SHA-1 broken Gadi Evron (Feb 16)
- Re: SHA-1 broken Kent Borg (Feb 17)
- Re: SHA-1 broken Michael Cordover (Feb 17)
- Re: SHA-1 broken dullien (Feb 19)
- Re: SHA-1 broken D.J. Capelis (Feb 19)
- Re: SHA-1 broken Michael Cordover (Feb 20)
- Re: SHA-1 broken Dan Harkless (Feb 19)
- Re: SHA-1 broken Robert Sussland (Feb 17)
- Re: SHA-1 broken dullien (Feb 19)
- Re: SHA-1 broken Darren Reed (Feb 19)
- Re: SHA-1 broken dullien (Feb 19)
- Re: SHA-1 broken Tollef Fog Heen (Feb 19)
- Re: SHA-1 broken Denis Jedig (Feb 21)
- Re: SHA-1 broken dullien (Feb 19)
- <Possible follow-ups>
- RE: SHA-1 broken Scovetta, Michael V (Feb 17)
- RE: SHA-1 broken Frank Knobbe (Feb 21)
- RE: SHA-1 broken Michael Silk (Feb 19)
- Re: SHA-1 broken exon (Feb 19)
- Re: SHA-1 broken Peter J. Holzer (Feb 21)
- Re: SHA-1 broken Brian May (Feb 19)
- Re: SHA-1 broken exon (Feb 19)