[16546] in cryptography@c2.net mail archive
Re: The Pointlessness of the MD5 "attacks"
daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Dec 15 09:49:12 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 14 Dec 2004 22:31:01 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <41BEFC0C.2070300@algroup.co.uk>
On 12/14/04, ben@algroup.co.uk (Ben Laurie) wrote:
>Dan Kaminsky's recent posting seems to have caused some excitement, but=20
>I really can't see why. In particular, the idea of having two different=20
>executables with the same checksum has attracted attention.
>
>But the only way I can see to exploit this would be to have code that=20
>did different things based on the contents of some bitmap. My contention=
=20
>is that if the code is open, then it will be obvious that it does=20
>"something bad" if a bit is tweaked, and so will be suspicious, even if=20
>the "something bad" is not triggered in the version seen.
>
>So, to exploit this successfully, you need code that cannot or will not=20
>be inspected. My contention is that any such code is untrusted anyway,=20
>so being able to change its behaviour on the basis of embedded bitmap=20
>changes is a parlour trick. You may as well have it ping a website to=20
>find out whether to misbehave.
One scenario that might form an attack is to take code which is normally di=
stributed in executable form, for example RPMs, and make it possible to hav=
e two different programs that pass the same signature check. Given that so=
meone has arranged to have the doppleganger blocks generated as part of the=
output of the compiler, different binaries can later be injected into the =
distribution system without a signature verification failure.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The first thing you need when | Periwinkle=20
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
