[Cryptography] Oracle discovers the 1990s in crypto

Ray Dillinger bear at sonic.net
Mon Jan 23 14:30:35 EST 2017



On 01/23/2017 10:35 AM, Arnold Reinhold wrote:

> It’s true that tampering with existing signed objects requires a second pre-image attack, but creating two versions of software with the same sig could be accomplished by an entity who has the ability to alter the final version of the legitimate object being signed, say by modifying a random nonce, bitmap or seed, or messing with white space in comments. This attack mode would only require a collision attack. The entity could be a mole working for loyalty to a cause, financial gain, or under duress. It might be done remotely if configuration management security is breached or the government could order cooperation e.g. in the U.S. by National Security Letter.

FWIW, the 'diff' utility as frequently deployed in software
shops ignores whitespace.  A change to the code modifying
whitespace only would often pass without a 'blip' on change
control.  Someone who has malicious code could modify its
source *and* the source of some innocuous program to have
the same hash, in such a way that the innocuous source would
not register as "changed" to a set of tools that might be
in use at the shop involved.

				Bear

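One defensive check that the whitespace point above suggests (an added example, not code from the original thread or from anyone quoted in it): compare a digest over the exact bytes that get signed with a digest over whitespace-collapsed bytes, so that a revision which a whitespace-ignoring diff would show as empty but which still changes the signed bytes is flagged for review. The sample file contents are constructed.

```python
import hashlib
import re

# Constructed sample: two versions of one source file; the second differs
# only in whitespace inside a comment and at a line end (hypothetical data).
ORIGINAL = b"int main(void) {\n    /* build 1 */\n    return 0;\n}\n"
MODIFIED = b"int main(void) {\n    /* build  1 */  \n    return 0;\n}\n"

_WS = re.compile(rb"\s+")


def raw_digest(data: bytes) -> str:
    """Digest over the exact bytes a code signer would sign."""
    return hashlib.sha256(data).hexdigest()


def normalized_digest(data: bytes) -> str:
    """Digest over whitespace-collapsed bytes, approximating what a
    whitespace-ignoring diff (e.g. 'diff -w') actually compares."""
    return hashlib.sha256(_WS.sub(b" ", data).strip()).hexdigest()


def classify_change(old: bytes, new: bytes) -> str:
    """Return 'unchanged', 'whitespace-only' or 'content' for one revision.
    'whitespace-only' means whitespace-tolerant review shows nothing while
    the signed bytes, and therefore their hash, have changed."""
    if old == new:
        return "unchanged"
    if normalized_digest(old) == normalized_digest(new):
        return "whitespace-only"
    return "content"


def review_revisions(revisions: dict) -> list:
    """Given {path: (old_bytes, new_bytes)}, list every file whose signed
    bytes changed without any change visible to a whitespace-ignoring diff."""
    flagged = []
    for path, (old, new) in revisions.items():
        if classify_change(old, new) == "whitespace-only":
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    print(classify_change(ORIGINAL, MODIFIED))            # whitespace-only
    print(raw_digest(ORIGINAL) == raw_digest(MODIFIED))   # False
```

A change-control hook can refuse or escalate any revision in the flagged list, since a hash change with no visible diff is exactly the case the thread describes.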