Full Disclosure mailing list archives
Re: Re: Case ID 51560370 - Notice of ClaimedInfringement
From: Jason <security () brvenik com>
Date: Fri, 08 Apr 2005 13:45:51 -0400
Valdis.Kletnieks () vt edu wrote:
On Fri, 08 Apr 2005 12:50:24 EDT, Jason said:I think that entirely depends on the format the file is distributed in. You could take a zipfile and pad it in non critical areas to change the MD5 without creating a substantial difference in the deliverable content. You could do the same with gzip or bzip formatted files. You could also pad any embedded jpeg images to engineer a collision. There are quite a few opportunities where this method could be used to twiddle the new MD5 without materially changing the content.It's easy to tweak a file and get a different MD5. That's why Tripwire works.Software that is ~150M in size, it gets redistributed as a new file that is 160M is size but has a collision with your software which is also 160M in size. I imagine there would be some computational time involved to find the appropriate collision but a lot less computational time than finding a perfect match to the original.You're missing the point. Let's say we have a file A that's 150M in size, and a file B that's 160M in size. File B is *not* under our control, and has a known fixed MD5 hash. It's easy to take file A, and create 2 files C and D from it that happen to have the same MD5 hash as each other. What is *NOT* easy is creating a file E that has the same hash as A or B.
I get the point just fine. Injecting files C and D results in a situation that cannot be resolved without downloading both files.
Song A = mp3 format file with valid license to BSA Song B = mp3 format file without valid license to BSA Song C = zip of Song A plus pad to generate MD5 Song D = zip of Song B plus pad to generate same MD5It is now impossible to distinguish between C and D without downloading both. The content inside is still fully usable and valid but a violation cannot be confirmed without yourself violating the law.
What you might see in a DL dialog NAME MD5 SIZE somefile.zip ABCD321312 120M someotherfile.zip ABCD321312 120MYou cannot remotely know that either file is in fact the content you are looking for without downloading both files. Both files may not be the content you are looking for. How can you remotely distinguish that a violation has occurred?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement, (continued)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Thierry Zoller (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Anders Breindahl (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement AJ C (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement bkfsec (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Valdis . Kletnieks (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement dk (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Valdis . Kletnieks (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Valdis . Kletnieks (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement AJ C (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Thierry Zoller (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Jason (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Thierry Zoller (Apr 09)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Scott Edwards (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Honza Vlach (Apr 09)
- Re: Re: Case ID 51560370 - Notice ofClaimedInfringement class101 () HAT-SQUAD com (Apr 08)