Dailydave mailing list archives

Re: I love PKI :) (was Some Propaganda.)


From: ergosum <ergosum () neurosecurity com>
Date: Thu, 16 Nov 2006 23:22:59 +0100

Just to make it clear - I don't think that enforcing the use of digital
signatures on all executables is an effective way to *block* malicious
code execution. That would never work in 100%, as there is always a
possibility to find a bug (in a signed application) and exploit it, not
to mention that anybody could buy a signature and sign his or her
malicious code with it.


Not only might the implementation be flawed, but the algorithm itself can be
flawed. Just remember the recent md5 collisions
(http://www.stachliu.com/research_collisions.html) (which btw permitted the
creation of custom binaries with the same signature as the original non
modified bin) or sha0 and sha1 (http://www.cryptography.com/cnews/hash.html)
collisions.

Cheers


-- 
http://www.neurosecurity.com

"We must be the change we wish to see in the world"
Mahatma Gandhi
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
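
Added example, not part of the original message: a sketch of why a hash collision carries over to the signature in a hash-then-sign scheme. It assumes a toy setup: SHA-256 truncated to 24 bits stands in for a collision-broken hash, an HMAC with a constructed key stands in for the signer's private-key operation, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed key; stands in for a signer's private key (assumption).
KEY = b"constructed-demo-signing-key"

def weak_digest(data: bytes) -> bytes:
    # Stand-in for a collision-broken hash: SHA-256 cut down to 24 bits.
    return hashlib.sha256(data).digest()[:3]

def strong_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(data: bytes, digest) -> bytes:
    # Hash-then-sign: the signature covers the digest, never the file itself.
    return hmac.new(KEY, digest(data), hashlib.sha256).digest()

def verify(data: bytes, sig: bytes, digest) -> bool:
    return hmac.compare_digest(sign(data, digest), sig)

def find_collision(digest, prefix: bytes = b"constructed-file-"):
    # Birthday search over constructed inputs until two share a digest.
    seen = {}
    counter = 0
    while True:
        candidate = prefix + str(counter).encode()
        d = digest(candidate)
        if d in seen:
            return seen[d], candidate
        seen[d] = candidate
        counter += 1

def demo() -> dict:
    original, lookalike = find_collision(weak_digest)
    weak_sig = sign(original, weak_digest)      # issued for `original` only
    strong_sig = sign(original, strong_digest)  # same file, collision-resistant digest
    return {
        "distinct_files": original != lookalike,
        "weak_accepts_lookalike": verify(lookalike, weak_sig, weak_digest),
        "strong_accepts_lookalike": verify(lookalike, strong_sig, strong_digest),
    }

if __name__ == "__main__":
    print(demo())
```

The signature issued for one file verifies for the colliding file whenever the digest collides, whatever the strength of the signing key; with the full-length digest the same check rejects it.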