nanog mailing list archives
Re: IOS Rookit: the sky isn't falling (yet)
From: Valdis.Kletnieks () vt edu
Date: Tue, 27 May 2008 15:07:26 -0400
On Tue, 27 May 2008 19:49:21 BST, michael.dillon () bt com said:
Like MD5 File Validation? - "MD5 values are now made available on Cisco.com for all Cisco IOS software images for comparison against local system image values."
I would expect a real exploit to try to match Cisco's MD5 hashes.

Although there is a known attack against MD5 that will generate two plaintexts with the same (unpredictable) hash, there is as yet no known way significantly better than brute force to generate a file which hashes to a given hash. On the other hand, there have been multiple cases where vandals have replaced a file on a download site, and updated the webpage to reflect the new MD5 hash.

If you were an attacker, which would you go with:

1) The brute-force attack which will require hundreds of thousands of CPU-years.
2) The super-secret attack that causes a collision to a given hash that none of the crypto experts know about yet.
3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.
By all means, check those hashes after you download them but I would suggest calculating a hash using an alternate algorithm for later checking.
You missed the point - if the *FILE* you downloaded from a webpage is suspect, why do you trust the MD5sum that *the same webpage* says is correct?
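
The point made in the message above, as an added example that is not part of the original post: a digest only authenticates a file if it came from somewhere other than the place that served the file. The host names, sample bytes and the "different host means independent" rule are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def digests(data: bytes) -> dict:
    """MD5 (the algorithm the vendor page publishes) plus SHA-256 for a local baseline."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def verify(data: bytes, download_url: str, references: list) -> str:
    """references: (algorithm, hex digest, source) tuples; source is a URL or a label.

    MISMATCH        - some reference disagrees with the file
    UNAUTHENTICATED - every match came from the host that served the file
    VERIFIED        - at least one match came from somewhere else
    """
    got = digests(data)
    download_host = urlsplit(download_url).hostname
    independent = False
    for algo, expected, source in references:
        if got[algo] != expected.strip().lower():
            return "MISMATCH"
        # Assumption: "independent" is approximated as "different host".
        if urlsplit(source).hostname != download_host:
            independent = True
    return "VERIFIED" if independent else "UNAUTHENTICATED"

# Constructed sample data: stand-ins for a genuine and a replaced image.
GENUINE = b"constructed stand-in for the vendor image"
REPLACED = b"constructed stand-in for a swapped image"
URL = "https://downloads.example/images/router.bin"   # hypothetical
PAGE = "https://downloads.example/images/index.html"  # hypothetical, same host
# Baseline taken from a known-good copy at an earlier time, stored off the download site.
BASELINE = ("sha256", digests(GENUINE)["sha256"], "local-baseline")

if __name__ == "__main__":
    page_md5 = ("md5", digests(REPLACED)["md5"], PAGE)  # page edited to match the file
    print(verify(REPLACED, URL, [page_md5]))            # UNAUTHENTICATED
    print(verify(REPLACED, URL, [page_md5, BASELINE]))  # MISMATCH
    print(verify(GENUINE, URL, [BASELINE]))             # VERIFIED
```

A matching MD5 from the download page yields only UNAUTHENTICATED here, which is the situation option 3 in the message relies on.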