Hi,

Darac Marjal wrote:
> It's difficult to provide a malicious ISO with the same MD5 as another, but
> not impossible. You can just append a certain amount of junk data until the
> hashes match.

Or you manipulate a dedicated byte array in your evil add-on. This would avoid suspicious size changes.

Dirichlet's pigeonhole principle tells us that on average 16 bytes will suffice. The design goals of a hash algorithm strive for even distribution. So the 16 bytes might suffice in all cases. Quite surely they suffice in most cases.

Nevertheless it is not yet feasible by brute force ... I guess.

Other than with MD5 "encrypted" passwords, you cannot simply create a giant dictionary which would give you a matching input string when you look up an MD5. Also, the passwords are in most cases shorter than 16 bytes. So you do not need 2 exp 128 entries in your dictionary in order to have a good chance to find a matching password.

> Similarly, you CAN do the same with SHA-1.

That would need an array of 20 bytes on average. (Probably an algorithm would work better if it had more bytes to play with.)

> *and* you have to keep the length the same *and* the file has to be
> coherent enough to work

These are no substantial obstacles. The only thing you need (and which is intentionally hard to do) is reverse computation of the hash value. I.e. find one of the many many many representatives of the hash class of that value with the given length.

Currently I wonder whether they packed up a new ISO or whether they just patched the content of a binary file in the ISO, which is supposed to be executed by normal installation or system use. One could judge by comparing fake with original ISO.

Have a nice day :)

Thomas
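
The comparison suggested at the end of the message above, sketched as an added example that is not part of the original message: it streams a known-good image and a suspect image sector by sector and reports the differing byte ranges. The function names, the 10% threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import io

SECTOR = 2048  # ISO 9660 logical sector size


def compare_images(orig, suspect, sector=SECTOR):
    """Stream two binary file objects and report where they differ."""
    digests = (hashlib.sha256(), hashlib.sha256())
    sizes = [0, 0]
    ranges = []  # merged [start, end) byte ranges that differ
    off = 0
    while True:
        a, b = orig.read(sector), suspect.read(sector)
        if not a and not b:
            break
        digests[0].update(a)
        digests[1].update(b)
        sizes[0] += len(a)
        sizes[1] += len(b)
        if a != b:
            end = off + max(len(a), len(b))
            if ranges and ranges[-1][1] == off:
                ranges[-1][1] = end  # extend the adjacent range
            else:
                ranges.append([off, end])
        off += sector
    changed = sum(end - start for start, end in ranges)
    if not ranges:
        verdict = "identical"
    # Assumed heuristic: same size and under 10% changed looks like an in-place patch.
    elif sizes[0] == sizes[1] and changed * 10 < sizes[0]:
        verdict = "patched in place"
    else:
        verdict = "repacked or resized"
    return {"sizes": tuple(sizes), "ranges": ranges, "changed": changed,
            "sha256_equal": digests[0].digest() == digests[1].digest(),
            "verdict": verdict}


def constructed_sample():
    """Constructed data: 64 sectors, with two adjacent sectors altered in the copy."""
    original = bytes(range(256)) * 8 * 64
    altered = bytearray(original)
    altered[10 * SECTOR + 5] ^= 0xFF
    altered[11 * SECTOR + 7] ^= 0xFF
    return original, bytes(altered)


if __name__ == "__main__":
    o, s = constructed_sample()
    print(compare_images(io.BytesIO(o), io.BytesIO(s)))
```

With real images, pass two files opened in binary mode; the reported ranges can then be mapped to files inside the ISO to see what was touched.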