Hunting for Rootkits
Posted Mar 1, 2007 19:43 UTC (Thu) by tialaramex
In reply to: Hunting for Rootkits
Parent article: Hunting for Rootkits
Specifically the method generates _two_ files (not plain text but it could easily be PDF, HTML or various other formats) with the same MD5 digest value.
The files have the same length, but a block of nonsense (wrapped with a comment, or in a hidden inline image, or concealed in some other way) is different between the two files. A suitable feature of the file format is needed to make the apparent contents conditional on the nonsense data.
There is no way to use this attack, or any variation on the attack, to create an imposter for an existing file.
The threat model for which the attack is relevant is digital signing of third party documents. Imagine a company uses digital signatures to authorise purchase orders instead of hand written signatures. Suppose you're allowed to sign for POs up to $5000 without confirmation. A salesman from a new company offers you a great deal, for $200 you can get the parts you'd otherwise need to spend nearly $500 on elsewhere. He sends you a PDF to sign, which shows the $200 price, you sign it, and once the parts arrive you forget about it, central finance can do the paperwork. A few months later you're called into your bosses office because you've gone way over budget. The salesman, and the money, are long gone, but there's a PDF, signed by you, which clearly says the price is $4000 and so central finance paid the invoice.
If you use binary executables, or even certain types of configuration file, which have unexplained content, and you don't trust the party which created them, then you have a problem. You'd be vulnerable to this attack, but more importantly, you're already running untrusted code. If you trust the people who built your program executables, wrote your configuration files etc. then the known flaws in MD5 and SHA-1 are nothing to worry about in this particular application.
to post comments)