Dailydave mailing list archives
Re: Some Sums
From: "Thomas Ptacek" <tqbf () matasano com>
Date: Wed, 7 Feb 2007 07:54:10 -0600
For those playing along with Joanna at home, use:

d86ded8e6f086cbc86bb07d854e58e1d60680958

Which is SHA-1, untruncated, of the same file and a different nonce.

The point of posting the hash is so that I can say we did something ("devised a battery of checks that detect hardware virtualization") and not have people think we simply made it up.

On 2/5/07, Joanna Rutkowska <joanna () invisiblethings org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Halvar Flake wrote:
> > I admit that strictly speaking I have abused DD with the last mail.
> >
> > What about a general, publicly archived mailing list where people can post hashes of results to follow up later? Anyone who has read the matasano blog recently (Ptacek/Rutkowska debate) would tend to agree that we need something like this.
>
> And what would that change, really, if I posted today a hash of our (because now, there's also Alex and Edgar working on Blue Pill) recent achievements in Blue Pill development (e.g. generic ways to resist direct timing analysis using trusted external clocks)? Ok, true, we're planning to give a presentation later this year on this subject and that would be cool if nobody else gave something similar before us, but does that mean we should "buy an insurance" today for "being the first"?
>
> Sure, it's cool to be the first person who publicly presents something. And all the press spotlight is cool too. But at some point, we can easily get into the absurd, I think... If somebody else gave a similar presentation before me, I could only use it as an argument to support my thesis (in this very example, that CPU vendors should provide a documented way to detect the presence of h/w hypervisors).
>
> I'm not judging Halvar, who I consider to be a great researcher, but it's almost a new trend now - Tom Ptacek published some mysterious hash in order to convince mankind that it should not be worried of hardware virtualization malware, now Halvar, who's next? And what's the real goal? To show off that "I'm better than others"? Or am I missing something?
>
> BTW, as both MD5 and SHA1 are considered broken these days, I wonder how difficult would it be to prepare some other file matching Halvar's or Tom's signatures? How about we start a little contest?
>
> I will buy a dinner for the first person (at a conference that we both attend) who creates a document matching Tom Ptacek's hash, which is here:
>
> http://www.matasano.com/log/680/detecting-virtualized-rootkits/
>
> (the way of creating a matching file should be documented)
>
> I assume it would be easier to break Tom's hash as he only posted SHA1, while Halvar, apparently anticipating something, published both SHA1 and MD5.
>
> joanna.
> -----BEGIN PGP SIGNATURE-----
>
> iD8DBQFFx4kDORdkotfEW84RAjuEAKDgwvMP6yRxelMQFW01VnGp5NiRJgCg5j8F
> 8SnNprRjcx9XuDNROHwyQOc=
> =/HEp
> -----END PGP SIGNATURE-----
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
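The practice the thread argues about, publishing a digest of an unreleased file plus a nonce and revealing both later, can be checked mechanically. The following is an added example, not code from any poster in the thread; the nonce-then-file layout, the 16-byte nonce length, the SHA-1 plus SHA-256 pairing and the sample document are assumptions, since the thread does not say how the nonce was combined with the file.

```python
import hashlib
import secrets

NONCE_LEN = 16  # assumed fixed length, so the nonce/document boundary is unambiguous


def commit(document: bytes, nonce: bytes, algorithms=("sha1",)) -> dict:
    """Digest(s) to publish now: hash(nonce || document) per algorithm (assumed layout)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError(f"nonce must be {NONCE_LEN} bytes")
    return {alg: hashlib.new(alg, nonce + document).hexdigest() for alg in algorithms}


def verify(published: dict, document: bytes, nonce: bytes) -> bool:
    """Check a later reveal: every published digest must match, not just one."""
    if not published or len(nonce) != NONCE_LEN:
        return False
    recomputed = commit(document, nonce, tuple(published))
    return all(recomputed[alg] == str(value).strip().lower()
               for alg, value in published.items())


def demo() -> dict:
    # Constructed sample document; any unreleased file would take its place.
    document = b"Constructed sample: notes on detecting a hardware hypervisor.\n"
    nonce_a = secrets.token_bytes(NONCE_LEN)
    nonce_b = secrets.token_bytes(NONCE_LEN)
    first = commit(document, nonce_a)                        # one digest, SHA-1 only
    second = commit(document, nonce_b, ("sha1", "sha256"))   # same file, new nonce
    return {
        # Same file, different nonce: the two published values look unrelated.
        "unlinkable": first["sha1"] != second["sha1"],
        "honest_reveal": verify(second, document, nonce_b),
        # A document edited after the commitment no longer matches.
        "edited_document": verify(second, document + b"later edit", nonce_b),
        "wrong_nonce": verify(second, document, nonce_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because `verify` requires every published digest to match, a substitute file would have to satisfy all of the published algorithms at once, which is the property behind publishing more than one hash.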