IOS Rootkit: the sky isn't falling (yet)
ge at linuxbox.org
Wed May 28 23:20:48 CDT 2008
On Thu, 29 May 2008, Steven M. Bellovin wrote:
> On Wed, 28 May 2008 10:37:05 +0100
> <michael.dillon at bt.com> wrote:
>>> So let's see - if you had a billion CPUs in your botnet, and
>>> each one could go at a billion to the second, you still need
>>> 2**69 seconds or 449,235,776,528,695 years. Not bad - only
>>> 10,000 times the amount of time this planet has been around,
>>> so yeah, that's the way they'll attack all right.
>> I didn't say that. I said that they are starting with an IOS image
>> in which there are some small number of bytes which they can possibly
>> change and still have a functional image. So it is likely that they
>> will brute force that by computing an MD5 hash on all variations of
>> those few bytes. It's like winning the lottery, you only *NEED* to
>> buy one ticket. No matter how slim the chances are of bad guys winning
>> that lottery, it is no excuse for ignoring the possibility that an
>> MD5 hash check may not be proof that you have an original image.
> Did you even look at Valdis' arithmetic? It *won't work*. It isn't
> "likely" that they'll try anything with that low a chance of success.
> As for "no matter how slim the chances" -- if you want to have even a
> vague chance of succeeding before Sol turns into a red giant, you're
> going to have to devote enormous resources to the project. (Actually,
> I don't think you can succeed even then, not by brute force -- there
> aren't a "small number of bytes" that can be changed, you can introduce
> "random" "typographical" errors in error messages for the SNA stack or
> some such, and if you're doing a brute force pre-image attack on MD5 any
> bit is as good as any other.) Let's put it purely in economic terms:
> which is a better way to invest your effort, building a machine (or
> botnet) with many billions of processors and still having no plausible
> chance of winning, or -- as you yourself suggest -- getting the HVAC
> contract for the data center. Or putting back doors in the chips. Or
> bribing or blackmailing coders. Or breaking into the vault where Cisco
> keeps its master RSA key. Or funding a vast research effort on
> cracking MD5 before it's replaced by SHA-512. Or *something* even
> vaguely sane, because brute-forcing MD5 isn't physically possible.
I don't understand how this discussion got to breaking MD5 to begin with?
The whole point was that the results will be manipulated due to the
rootkit messing with the test, no?
> --Steve Bellovin, http://www.cs.columbia.edu/~smb