MD5 strengthen the authentication challenge Wang xiaoyun cracked-vulnerability warning-the black bar safety net

ID MYHACK58:6220069577
Type myhack58
Reporter 佚名
Modified 2006-06-05T00:00:00


Dreaming think a strengthening of the md5 authentication method to Wake up a hurry to test it

Earth people know that MD5 is the king of a small cloud break!!! Broken!!! Broken!!! Broken!!! Breaking the~to shut up

In fact,not broken but with their algorithm, in the number of hours it is possible to find MD5 collisions. Is you use a IBM P690 number

Hour create two MD5 the same content to different stuff. A little mean. the ibm p690 is 3 2 cpu, 8GB RAM

The machine, sigh, this thing we but can't afford it. Not to mention it's just a collision, if you want to according to known file to construct a

The same md5 and different content to the stuff that's more difficult, in Network Security terms, if you want to construct a talk to system files

The same md5 and different content can be run Trojan horse that is that difficult!

The world no absolute, if really have so a day, I mean if may is tomorrow, you suddenly find your home loom more

3 1 cpu, but more out of 7G of memory, then what are you waiting for hurry up do fake md5 a back door.

You with obscene eyes locked system files lsass.exe detect it the md5 value for the

41919B8C4B96079EC210D1BF269EE39D then you open notepad and write a rootkit: the lsass. rootkit

Note: I said here about windows Notepad to write the rootkit method the key is you have to save for. rootkit

如果 你 保存 为 .txt that is the text format for a lot of people wrote the rootkit to run not because of this reason

Well here we compare the two stuff see screenshot

! attachments/200606/04_054416_1.gif

Such a rootkit would write well due to the md5 value with the system files lsass. the exe is the same as the more increasing the check difficulty

Then yy, as, if the backdoor is written into the popular program, such as staffing a parts winrar, BT, icesword, etc. software

Placed for everyone to download, md5 values are the same for the recruitment of so much Wahaha... and

Say a bunch of nonsense right now into the chase, if this is the case one day appeared, I'm dreaming of time to think up a strengthen

Validation of the method.

Thought process I will not described in detail, is nothing more than brush your teeth and wash your face, lying in bed, the hazy room came up with.

Specifically talk about the conjecture.

We can attach a verification file to the lsass.exe then put the two together and then check their md5 value.

Even if you can be configured with the system files with the same md5 of the rootkit, even if you can fake a md5 the same validation file,

But you have to forge the authentication file + lsass.exe the resulting md5 value that's impossible, Wahaha... and

This is still conjecture, can by have to test it, we test it.

See screenshot

! attachments/200606/04_054503_2.gif

Alas the fuck out, the key is to use copy/b to combine his two time of the order, the posture, the WHO before? Who? Who? Who next? Very important!

To summarize:

References __

When using copy/b lsass.exe+md5check lsass. rootkit+md5check draw lsass. md5 lsass. rootkit. md5

When both the md5 will still be the same

When using the copy/b md5check+lsass.exe md5check+lsass. rootkit draw lsass. md5 lsass. rootkit. md5

When the two md5 not the same

References __

With this method you can verify the file md5 and not afraid to be forged.

Specific application? if it is available to others to download the file should provide an additional validation file md5check and the three md5 values

Are is download the file the md5 value to verify the file's md5 value and a combination of both after the md5 value

If it is system file can also according to the same method as well in the system file is not large though, but write a program to traverse I see soon

Can be fixed up the Oh finally yy is completed if it is really to the md5 can be any falsification of the day I see the md5 has long been

md6,7,8,9 instead of the Don't bother to verify. ^ _ ^

PostScript: I usually put the articles sent to the Phantom brigade and security focus goes, a reporter asked me, you are sent to the Phantom or first to the security focus of Al

I was at the same time, journalists say impossible, well, there is definitely a first, and one after it. I said:“You ask this question very unfriendly

A bit fucked up, there is a point to sow discord, the Chinese media can not be so such a vulgar bunch. in. You make me very happy. I think you're asking

This little sow alienation of feeling, it is not friendly, I'm sorry, I say a little rough, because I'm not happy that you're asking

Problem. Because you make me upset, I have upset you, this is my life. I think you can't do a rotten media,

Can only be a good media. I like this, I just like that, as for you, I so to answer you High not happy I also not called.

I'm so, you don't trick me, I'm friendly, you have to trick me, I'll let you not amused.” relax is just a joke ^_^

ps: the article mentioned stuff are playing to bring the transmission up to everyone to test it more criticized much. ha

To to Supplement the two: iamidler: the sha1 +md5 in fact, this method is also Wang Xiao Yun engage in a crash later was made to do so In addition I added a: with rar compression and then verify the md5 of the data contents of the different compression out of the pound md5 natural different a Oh, but the rar method or not insurance think you know why. there are two cases.