IOS Rootkit: the sky isn't falling (yet)
Valdis.Kletnieks at vt.edu
Tue May 27 19:07:26 UTC 2008
On Tue, 27 May 2008 19:49:21 BST, michael.dillon at bt.com said:
> > Like MD5 File Validation? - "MD5 values are now made
> > available on Cisco.com for all Cisco IOS software images for
> > comparison against local system image values."
>
> I would expect a real exploit to try to match Cisco's
> MD5 hashes.

Although there is a known attack against MD5 that will generate two plaintexts
with the same (unpredictable) hash, there is as yet no known way significantly
better than brute force to generate a file which hashes to a given hash. On the
other hand, there have been multiple cases where vandals have replaced a file
on a download site, and updated the webpage to reflect the new MD5 hash.

If you were an attacker, which would you go with:

1) The brute-force attack which will require hundreds of thousands of CPU-years.
2) The super-secret attack that causes a collision to a given hash that none
of the crypto experts know about yet.
3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.

> By all means, check those hashes after you download
> them but I would suggest calculating a hash using an alternate
> algorithm for later checking.
You missed the point - if the *FILE* you downloaded from a webpage is suspect,
why do you trust the MD5sum that *the same webpage* says is correct?
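
The following is an added example, not part of the original post: it checks one downloaded image against a digest published beside it and against a digest pinned earlier through a separate channel, to show which check notices a replaced file. The image bytes, the `site` dictionary and the function names are constructed for illustration, and SHA-256 is used because the channel argument is the same for any hash algorithm.

```python
import hashlib
import hmac
import io


def file_digest(stream, algorithm="sha256", chunk_size=65536):
    """Hash a binary stream in chunks so large images need not fit in memory."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def verify(stream, expected_hex, algorithm="sha256"):
    """Return True if the stream hashes to expected_hex (constant-time compare)."""
    actual = file_digest(stream, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


# Constructed sample data standing in for a vendor image and a replaced one.
GENUINE_IMAGE = b"constructed genuine image contents\n" * 1000
REPLACED_IMAGE = b"constructed replaced image contents\n" * 1000


def simulate():
    """Compare a same-channel check with an independent-channel check."""
    # Digest recorded earlier over a channel the download site does not control
    # (assumption: e.g. a signed release note or a previously audited copy).
    pinned = file_digest(io.BytesIO(GENUINE_IMAGE))

    # State of the download page after someone with write access replaced
    # the file and updated the hash shown next to it.
    site = {
        "image": REPLACED_IMAGE,
        "published_hash": file_digest(io.BytesIO(REPLACED_IMAGE)),
    }

    # Check 1: hash taken from the same page as the file. It matches, because
    # whoever replaced the file also replaced the hash.
    same_channel_ok = verify(io.BytesIO(site["image"]), site["published_hash"])

    # Check 2: hash taken from the independent record. It does not match.
    independent_ok = verify(io.BytesIO(site["image"]), pinned)

    return same_channel_ok, independent_ok


if __name__ == "__main__":
    same_channel_ok, independent_ok = simulate()
    print("same-channel check passes:", same_channel_ok)
    print("independent-channel check passes:", independent_ok)
```
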