[p2p-hackers] SHA1 broken?
Jim McCoy
mccoy at mad-scientist.com
Thu Feb 17 22:31:43 UTC 2005
On Feb 17, 2005, at 2:11 PM, Serguei Osokine wrote:
> On Thursday, February 17, 2005 Nick Lothian wrote:
>> It's not hard to imagine spyware manufacturers modifying common
>> open-source applications (eg: p2p software) so they include spyware
>> and yet still have the same hash.
>
> Sure, but then they would have to find some innocent-looking
> way to include something like this into the open source app:
> [collision data A]
> - which is no big deal, could be a bitmap. However, after that they
> would have to modify the application to use the text above as a jump
> table to a malicious code, which would be dormant in the application
> until the data is changed to:
> [collision data B]
So tell me, when was the last time you ran your SSL library through a
debugger to determine with complete confidence that the moduli being
used were not insecure ones? With this attack I could distribute a
copy of a crypto library that seemed to match the hash it was supposed
to have, but which was in fact opening you up to certain crypto
attacks.
As was pointed out on the crypto list thread zooko referenced, this is
probably the only practical attack that can be made in this fashion
right now. I can replace your crypto modulus, some RNG seeds, and
other bits of data that are used by applications (and not just
displayed, like the bitmap you suggest) which are of the "big,
random-looking number" format.
Jim
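The structure both messages describe, as an added simulation that is not part of the thread: one program image containing a "random-looking" data block, two versions of that block that collide under the hash, and a dispatch path whose behaviour depends on which version is present. A real SHA-1 collision cannot be computed inside an example, so the hash here is an assumed toy Merkle-Damgard construction with a 24-bit chaining state built from SHA-1, in which collisions are found by a birthday search in well under a second. The program layout (PREFIX, SUFFIX, the handler names, and the "low bit selects the handler" jump-table rule) is constructed for illustration; the attack shape it shows, the same prefix, two colliding blocks, the same suffix and an unchanged hash, is exactly what a full-strength identical-prefix collision gives an attacker.

```python
"""Constructed simulation: two program images with identical toy-hash values
whose embedded data block selects a benign or a dormant code path."""
import hashlib
import os
import struct

STATE_BYTES = 3   # 24-bit chaining state: ~2^12 trials to find a collision
BLOCK = 16        # block size of the toy hash


def toy_compress(state: int, block: bytes) -> int:
    """Compression function: SHA-1 of (state || block), truncated to the state size."""
    d = hashlib.sha1(state.to_bytes(STATE_BYTES, "big") + block).digest()
    return int.from_bytes(d[:STATE_BYTES], "big")


def toy_hash(data: bytes) -> int:
    """Merkle-Damgard hash: pad with 0x80, zeros and the length, then chain blocks."""
    padded = data + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK)
    padded += struct.pack(">Q", len(data))
    state = 0
    for i in range(0, len(padded), BLOCK):
        state = toy_compress(state, padded[i:i + BLOCK])
    return state


def chaining_state(prefix: bytes) -> int:
    """Internal state after absorbing a block-aligned prefix (no padding applied)."""
    assert len(prefix) % BLOCK == 0
    state = 0
    for i in range(0, len(prefix), BLOCK):
        state = toy_compress(state, prefix[i:i + BLOCK])
    return state


# --- the constructed "application" --------------------------------------
PREFIX = b"CODE".ljust(2 * BLOCK, b".")                 # 32 bytes, block-aligned
SUFFIX = b"...resources: icon bitmap, strings, more code..."
HANDLERS = ["update_peer_list", "exfiltrate_keys"]      # index 1 is the dormant path


def dispatch_index(block: bytes) -> int:
    """The program uses its data block as a tiny jump table:
    the low bit of the first byte selects the handler (assumed rule)."""
    return block[0] & 1


def build_image(block: bytes) -> bytes:
    return PREFIX + block + SUFFIX


def run_image(image: bytes) -> str:
    block = image[len(PREFIX):len(PREFIX) + BLOCK]
    return HANDLERS[dispatch_index(block)]


def find_colliding_blocks(prefix: bytes):
    """Birthday search for blocks A, B with equal chaining state after
    prefix||A and prefix||B. Because the collision is in the internal state,
    any common suffix keeps the final hashes equal. The pair is ordered so
    that A dispatches to the benign handler and B to the dormant one."""
    s = chaining_state(prefix)
    seen = {}
    while True:
        blk = os.urandom(BLOCK)
        h = toy_compress(s, blk)
        other = seen.setdefault(h, blk)
        if other != blk and dispatch_index(other) != dispatch_index(blk):
            return (other, blk) if dispatch_index(other) == 0 else (blk, other)


def demo():
    a, b = find_colliding_blocks(PREFIX)
    img_a, img_b = build_image(a), build_image(b)
    return {
        "blocks": (a, b),
        "same_hash": toy_hash(img_a) == toy_hash(img_b),
        "differ": img_a != img_b,
        "behaviour_a": run_image(img_a),
        "behaviour_b": run_image(img_b),
    }


if __name__ == "__main__":
    print(demo())
```

Because the collision is on the internal chaining state, the suffix can be anything: the attacker ships the innocent version, waits for its hash to be published and mirrored, then swaps in the second block. Replacing the jump-table rule with "this block is the RSA modulus the library trusts" is the variant Jim describes, and it needs no change to the collision step, only to what the program does with the block.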