[Cryptography] TPM and SHA-1

Ben Laurie ben at links.org
Sat Mar 4 12:19:58 EST 2017


On 2 March 2017 at 00:28, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> And given the way SHA-1 is used for attestation, is
> there a feasible attack?

Certainly the current attacks would require writing code that switched
evil behaviour on based on the settings of some bits. The whole point
of attestation is to prove you're running some particular code,
therefore the evil code would be shown to the victim (though in a form
that made it not active). That seems somewhat hard to pull off, but
not impossible.

BTW, I don't know how SHA-1 is used for attestation, so maybe it
entirely avoids this problem by using, say, an HMAC with a random key.
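The scenario sketched above (one image whose code path is switched by bits inside a colliding block, measured into a PCR and then quoted) as an added toy model in Python. This is not code from the post or from any TPM implementation; it uses a constructed 24-bit truncation of SHA-1 so a collision can be found in milliseconds, and a simplified HMAC "quote" in place of a real attestation-key signature.

```python
import hashlib
import hmac
import secrets

# Constructed toy model of measured boot, not real TPM code. The digest is SHA-1
# truncated to 24 bits so a birthday search finds a collision quickly; a real
# SHA-1 collision is far costlier but has the same effect on the chain below.
TRUNC = 3
PREFIX = b"BOOTIMG v1 "  # shared, benign-looking prefix (constructed)

def toy_digest(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()[:TRUNC]

def behaviour(image: bytes) -> str:
    """The image's code path is selected by one bit of the embedded block."""
    return "evil" if image[len(PREFIX)] & 1 else "benign"

def find_switch_collision(prefix: bytes):
    """Return (b0, b1): switch bit clear in b0, set in b1, equal toy digests."""
    seen = {0: {}, 1: {}}
    while True:
        block = secrets.token_bytes(8)
        flag = block[0] & 1
        d = toy_digest(prefix + block)
        other = seen[1 - flag].get(d)
        if other is not None:
            return (block, other) if flag == 0 else (other, block)
        seen[flag][d] = block

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR := H(PCR || measurement)."""
    return toy_digest(pcr + measurement)

def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Simplified quote: keyed MAC over nonce and PCR value. The nonce defeats
    replay, but it is applied after measurement, so it cannot separate inputs
    whose measurements already collide."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def demo():
    b0, b1 = find_switch_collision(PREFIX)
    benign, evil = PREFIX + b0, PREFIX + b1
    pcr_benign = pcr_extend(bytes(TRUNC), toy_digest(benign))
    pcr_evil = pcr_extend(bytes(TRUNC), toy_digest(evil))
    nonce, key = secrets.token_bytes(16), secrets.token_bytes(32)
    return {
        "behaviours": (behaviour(benign), behaviour(evil)),
        "same_pcr": pcr_benign == pcr_evil,
        "same_quote": quote(pcr_benign, nonce, key) == quote(pcr_evil, nonce, key),
        # A collision-resistant measurement hash tells the two images apart.
        "same_sha256": hashlib.sha256(benign).digest() == hashlib.sha256(evil).digest(),
    }
```

Running `demo()` shows both images producing the same PCR and the same quote despite different behaviour, while a SHA-256 measurement distinguishes them.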
