Re: IOS Rookit: the sky isn't falling (yet)

["Dorn Hetzel" <dhetzel () gmail com>]

Perhaps Cisco and friends should take to periodically printing MD5 checksums
in full page ads in the New York Times or similar?

Maybe not impossible for an attacker to replicate, but it certainly does
raise the bar :)

On Tue, May 27, 2008 at 3:07 PM, <Valdis.Kletnieks () vt edu> wrote:

> On Tue, 27 May 2008 19:49:21 BST, michael.dillon () bt com said:
> > > Like MD5 File Validation? - "MD5 values are now made=20
> > > available on Cisco.com for all Cisco IOS software images for=20
> > > comparison against local system image values."
> >
> > I would expect a real exploit to try to match Cisco's
> > MD5 hashes.
>
> Although there is a known attack against MD5 that will generate two
> plaintexts
> with the same (unpredictable) hash, there is as yet no known way
> significantly
> better than brute force to generate a file which hashes to a given hash.
>  On the
> other hand, there have been multiple cases where vandals have replaced a
> file
> on a download site, and updated the webpage to reflect the new MD5 hash.
>
> If you were an attacker, which would you go with:
>
> 1) The brute-force attack which will require hundreds of thousands of
> CPU-years.
>
> 2) The super-secret attack that causes a collision to a given hash that
> none
> of the crypto experts know about yet.
>
> 3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.
>
> >              By all means, check those hashes after you download
> > them but I would suggest calculating a hash using an alternate
> > algorithm for later checking.
>
> You missed the point - if the *FILE* you downloaded from a webpage is
> suspect,
> why do you trust the MD5sum that *the same webpage* says is correct?