[Dshield] Digital sigs cracked

Chris Brenton cbrenton at chrisbrenton.org
Thu Jun 16 17:16:52 GMT 2005


On Thu, 2005-06-16 at 10:34, Don Jackson wrote:
>
> This regards newly discovered "collisions" (where two messages
> result in the same hash code) in the SHA-1 algorithm.   MD5 was
> "cracked" some time ago using the same methods.

Sort of. It is based on that work but takes it a step further.

> The odds that these messages could be construed as
> meaningful -- that is, that they are low-entropy, structured
> using a format or syntax for communication that makes
> sense to any person or system -- is infinitesimal!

I'm guessing you did not read the entire article because that is exactly
what they did. The researchers digitally signing a valid postscript
file, changed it, and generating the exact same hash signature while
still retaining a functional postscript structure. So we're not talking
theory here, they proved its possible. 

Now granted, what it comes down to is they only changed a single line in
the file. IMHO this is still pretty major as it opens up some scary
possibilities. Can I modify a binary to include a call to an external
malicious program and still generate the same digital signature? Based
on this research it certainly seems possible.

HTH,
Chris





More information about the list mailing list