Md5 Attack On Microsoft's Authenticode


Recommended Posts

20 January 2009, 16:06

MD5 attack on Microsoft's Authenticode

A security expert has managed to transfer the digital signature of one Windows program to another, without invalidating the signature. Didier Stevens, who presented the attack in his blog, exploited the fact that Microsoft's Authenticode code signing standard accepts the vulnerable MD5 hash algorithm. Stevens used this to generate two programs which have identical code signatures, but behave differently.

Similar collision attacks on MD5 have already caused considerable commotion. The most prominent example is probably the work of a group of researchers who used this method to obtain a Certificate-Authority SSL certificate trusted by all common web browsers. The attack on Authenticode only requires minimal changes to the tools already available for calculating collisions. Authenticode signatures disregard file checksums and pointers to the signature of Windows program files because these change during the signing process."

Heise Security for further details: http://www.heise-online.co.uk/security/MD5...e--/news/112448

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...