MD5 is dead

Scientists have shown that the attack method devised against MD5 in 2004 is practical and can even trick code-signing tools into “believing” that two different binaries are the same.

We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.
(Quote from the linked page)

What are the implications? Well, the worst and foremost is that an attacker can put malicious code under the disguise of a valid and trusted signature. As an example: an elaborate attack could use a driver signed by Microsoft and the attacker's own rootkit to create content that is indistinguishable by MD5 hash, thus allowing the attacker to trick the victim into believing that the code was signed by Microsoft, which is ultimately trusted on most Windows systems by default.

// Oliver
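
An added example (not from the original post or the linked research) of the defender-side check this implies: flag artifacts that match under MD5 but differ under SHA-256, and pin integrity checks to SHA-256. The embedded byte strings are a long-public 128-byte MD5 collision pair used as constructed sample input; the function and file names are hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample input: a long-public 128-byte MD5 collision pair
# (not from this page). The two byte strings differ in six bytes.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)
# Hypothetical inventory: two colliding artifacts plus an unrelated one.
SAMPLES = {"sample_a.bin": BLOCK_A, "sample_b.bin": BLOCK_B, "other.bin": b"unrelated"}


def digest(data, algo):
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()


def md5_only_matches(artifacts):
    """Groups of names that share an MD5 digest but differ under SHA-256."""
    by_md5 = defaultdict(dict)
    for name, data in artifacts.items():
        by_md5[digest(data, "md5")][name] = digest(data, "sha256")
    return [sorted(g) for g in by_md5.values() if len(set(g.values())) > 1]


def verify(data, pinned_hex, algo="sha256"):
    """Compare data against a pinned digest; MD5 pins are refused."""
    if algo.lower() == "md5":
        raise ValueError("MD5 is not collision resistant; pin SHA-256")
    return hmac.compare_digest(digest(data, algo), pinned_hex.lower())


if __name__ == "__main__":
    print("MD5 equal:", digest(BLOCK_A, "md5") == digest(BLOCK_B, "md5"))
    print("MD5-only matches:", md5_only_matches(SAMPLES))
    print("B passes A's SHA-256 pin:", verify(BLOCK_B, digest(BLOCK_A, "sha256")))
```

An integrity or signing workflow that compares only MD5 digests would treat `sample_a.bin` and `sample_b.bin` as the same file; the SHA-256 pin rejects the substitution.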
