nanog mailing list archives
Re: IOS Rookit: the sky isn't falling (yet)
From: "Dorn Hetzel" <dhetzel () gmail com>
Date: Tue, 27 May 2008 15:18:17 -0400
Perhaps Cisco and friends should take to periodically printing MD5 checksums in full page ads in the New York Times or similar? Maybe not impossible for an attacker to replicate, but it certainly does raise the bar :)

On Tue, May 27, 2008 at 3:07 PM, <Valdis.Kletnieks () vt edu> wrote:

> On Tue, 27 May 2008 19:49:21 BST, michael.dillon () bt com said:
>
> > > Like MD5 File Validation? - "MD5 values are now made available on Cisco.com for all Cisco IOS software images for comparison against local system image values."
> >
> > I would expect a real exploit to try to match Cisco's MD5 hashes.
>
> Although there is a known attack against MD5 that will generate two plaintexts with the same (unpredictable) hash, there is as yet no known way significantly better than brute force to generate a file which hashes to a given hash.
>
> On the other hand, there have been multiple cases where vandals have replaced a file on a download site, and updated the webpage to reflect the new MD5 hash.
>
> If you were an attacker, which would you go with:
>
> 1) The brute-force attack which will require hundreds of thousands of CPU-years.
>
> 2) The super-secret attack that causes a collision to a given hash that none of the crypto experts know about yet.
>
> 3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.
>
> > By all means, check those hashes after you download them but I would suggest calculating a hash using an alternate algorithm for later checking.
>
> You missed the point - if the *FILE* you downloaded from a webpage is suspect, why do you trust the MD5sum that *the same webpage* says is correct?
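Added example, not part of the original messages: a Python sketch of the point argued above, comparing a check against the MD5 shown on the download page itself with a check against digests held outside the download site (MD5 plus a second algorithm). The DownloadPage class, the sample byte strings and the idea that PINNED was recorded over a separate channel are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class DownloadPage:
    """Constructed stand-in for a vendor page: an image plus the MD5 shown beside it."""
    image: bytes
    published_md5: str


def hexdigest(algo: str, data: bytes) -> str:
    return hashlib.new(algo, data).hexdigest()


def check_against_page(page: DownloadPage) -> bool:
    """Compare the download with the MD5 printed on the page it came from."""
    return hmac.compare_digest(hexdigest("md5", page.image), page.published_md5)


def check_against_pinned(page: DownloadPage, pinned: dict) -> bool:
    """Compare the download with digests held outside the download site.
    `pinned` maps algorithm name -> hex digest; every algorithm must match."""
    return all(hmac.compare_digest(hexdigest(algo, page.image), digest)
               for algo, digest in pinned.items())


# Constructed sample data standing in for real images.
GENUINE = b"constructed stand-in for a genuine IOS image"
MODIFIED = b"constructed stand-in for a modified image"

# Assumption: these were recorded from a trusted copy over a separate channel.
PINNED = {"md5": hexdigest("md5", GENUINE), "sha256": hexdigest("sha256", GENUINE)}


def scenarios() -> dict:
    """Return {scenario: (same-page check passed, pinned check passed)}."""
    pages = {
        "clean": DownloadPage(GENUINE, hexdigest("md5", GENUINE)),
        # File replaced, page text untouched: the same-page MD5 catches this.
        "file_only_replaced": DownloadPage(MODIFIED, hexdigest("md5", GENUINE)),
        # File replaced and page updated to match: only the pinned digests catch it.
        "file_and_hash_replaced": DownloadPage(MODIFIED, hexdigest("md5", MODIFIED)),
    }
    return {name: (check_against_page(p), check_against_pinned(p, PINNED))
            for name, p in pages.items()}


if __name__ == "__main__":
    for name, (same_page, pinned) in scenarios().items():
        print(f"{name:24} same-page MD5: {same_page!s:5}  pinned digests: {pinned}")
```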