
Thursday, February 5, 2009

hittin the hash | yet again

hashes and collisions have been on the back-burner for a bit now w/ recent hullabaloo...

so the thought that keeps coming back (reminder: /me != math guy) came from my experiences w/ gentoo... either the kernel or portage (but not both ;) used .sig files which contained multiple hashes for verification of the download integrity.

so say you've got a 1/x chance of collision in md5 and a 1/y chance of collision in sha1 (assuming that x & y are both reasonably large numbers), then isn't the likelihood of getting a collision of *both* hashes on the same file exponentially larger than getting a collision on x or y individually?

so if we're really worried about the apparently real weaknesses in some md5 and the up and coming realistic weaknesses in sha1 (via that chinese-professor-ninja-woman & her math students iirc), why not just start checking multiple hashes each time we verify integrity?

no new technology needed, just parse more than 1 value before you evaluate that if/then to true, right?
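The "parse more than one value" idea, written out as an added example that is not from the original post or from Gentoo's portage/kernel tooling: a publisher side that emits a digest file and a consumer side that refuses the download unless every listed digest matches and at least two algorithms are present (so stripping the stronger lines from the digest file does not weaken the check). The `<ALGO> <hexdigest>` line format and the sample bytes are constructed for the example, not Gentoo's real Manifest or .sig syntax. One caveat a practitioner should know: Joux's 2004 multicollision result shows that concatenating two iterated hashes is only about as collision-resistant as the stronger of the two, not exponentially better, so checking several digests raises the bar mainly by requiring an attacker to break the strongest algorithm in the list.

```python
import hashlib
import hmac

# Algorithm labels the verifier accepts, mapped to hashlib names.
SUPPORTED = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256"}


def compute_digests(data: bytes, names) -> dict:
    """Hash the data once, feeding each chunk to every requested algorithm,
    so a large file is read a single time regardless of how many digests
    are checked."""
    hashers = {n: hashlib.new(SUPPORTED[n]) for n in names}
    for i in range(0, len(data), 65536):
        chunk = data[i:i + 65536]
        for h in hashers.values():
            h.update(chunk)
    return {n: h.hexdigest() for n, h in hashers.items()}


def make_digest_file(data: bytes, algorithms=("MD5", "SHA1", "SHA256")) -> str:
    """Publisher side: one '<ALGO> <hexdigest>' line per algorithm.
    (Constructed format for this example, not Gentoo's real syntax.)"""
    digests = compute_digests(data, algorithms)
    return "".join(f"{name} {digests[name]}\n" for name in algorithms)


def parse_digest_file(text: str) -> dict:
    """Parse the digest file into {ALGO: hexdigest}, rejecting malformed
    lines, unknown algorithms and duplicate entries."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<ALGO> <hexdigest>'")
        name, digest = parts[0].upper(), parts[1].lower()
        if name not in SUPPORTED:
            raise ValueError(f"line {lineno}: unsupported algorithm {name}")
        if name in expected:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        expected[name] = digest
    return expected


def verify_all(data: bytes, digest_text: str, minimum: int = 2) -> bool:
    """Consumer side: every listed digest must match, and at least `minimum`
    algorithms must be listed. Any single mismatch fails the download."""
    expected = parse_digest_file(digest_text)
    if len(expected) < minimum:
        return False
    actual = compute_digests(data, expected.keys())
    ok = True
    for name, digest in expected.items():
        # Constant-time compare; evaluate every algorithm rather than
        # returning on the first mismatch.
        if not hmac.compare_digest(actual[name], digest):
            ok = False
    return ok


if __name__ == "__main__":
    # Constructed stand-in for a downloaded tarball.
    download = b"constructed tarball contents\n"
    digest_file = make_digest_file(download)
    print(digest_file, end="")
    print("intact  :", verify_all(download, digest_file))
    print("tampered:", verify_all(download + b"\x00", digest_file))
```

Running the block prints the three digest lines, then `True` for the intact download and `False` for the tampered one. A digest file reduced to a single MD5 line also fails, because `minimum=2` treats a suspiciously short list as a failed verification rather than a weaker one.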

Friday, May 9, 2008

certs and paranoia

so did the gmail ssl cert change today for anyone else, or did someone just MitM me?

i've been in the habit of checking the hash on the site for a while now. i think kaminsky talked about doing things to help remember hashes a few years back at blackhat/dc (i think he proposed using phrases derived from the hash value, which are easier to remember, but i'm not sure). i know others have talked about hash visualization... i dug around for a hash visualization plugin for firefox, and turned up nothing, and am kicking around building one (w/ all my free time ;)...

anyway, it's tough to remember those long hash strings, so i was using the weaker method of just remembering a few values and their placement in the hash string. much to my surprise this morning, the values i was expecting were no longer there...

sooooo, now what? i hit cancel... then i went back and examined the cert, and the cert chain. but wtf am i lookin for? if they can gen a fake gmail cert, they can gen a fake cert chain too, right? so anyway, i went ahead and logged in after a few min of indecision. i need to rotate my passwords anyway ;)

but now i'm left wondering what is the right thing to do when a cert changes... how do you verify that it is legit, and not a MitM? guess i've got some reading to do...
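One defensible answer to "what do I do when the cert changes", as an added example that is not from the original post: pin the certificate's own fingerprint rather than trusting the chain (a forged chain then buys the attacker nothing), keep more than one pin so a planned rotation to a backup key is not mistaken for a MitM, and compare the whole fingerprint in constant time instead of a few remembered digits. The PEM blob below is constructed from arbitrary bytes for the example and is not a real certificate for gmail or any other site; the pin set is likewise made up.

```python
import base64
import hashlib
import hmac
import ssl

# Constructed stand-in for the certificate a server presented: arbitrary
# bytes in a PEM envelope. Not a real X.509 certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SERVED_CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(FAKE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated uppercase hex, the form browsers show in the cert viewer."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Strip separators and case so a copied fingerprint compares cleanly."""
    return fp.replace(":", "").replace(" ", "").lower()


def check_pins(served_pem: str, pinned) -> bool:
    """Return True only if the served certificate's SHA-256 fingerprint is in
    the pin set. Every pin is compared in constant time; the chain is not
    consulted at all, so a forged chain cannot satisfy this check."""
    der = ssl.PEM_cert_to_DER_cert(served_pem)
    served = normalize(fingerprint(der))
    matched = False
    for pin in pinned:
        if hmac.compare_digest(served, normalize(pin)):
            matched = True
    return matched


def partial_check_space(remembered_digits: int) -> int:
    """How many distinct fingerprints share a given set of remembered hex
    digits at fixed positions: 16 per digit. Four digits leave 65536
    fingerprints indistinguishable, which is why a partial check is weak."""
    return 16 ** remembered_digits


if __name__ == "__main__":
    current_pin = fingerprint(FAKE_DER)
    # Constructed backup pin: the fingerprint of a key the site might rotate to.
    backup_pin = fingerprint(b"constructed backup certificate bytes")
    pin_set = {current_pin, backup_pin}
    print("served :", current_pin)
    print("pinned :", check_pins(SERVED_CERT_PEM, pin_set))
    print("4 remembered digits leave", partial_check_space(4), "candidates")
```

When a site's certificate changes and the new fingerprint is not in the pin set, the useful response is to confirm the new fingerprint out of band (from a different network path, or against a value the operator publishes) before adding it as a pin, rather than inspecting a chain that an attacker capable of forging the leaf could forge as well.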