Jakub Wilk wrote:
The purpose of adding garbage could be to make a modified tarball
match the signature.

Which is why we also supply the length.

I thought the idea was to create a smaller malicious tarball, then
append "garbage" until the size and the hash match.

With xz you don't need trailing garbage to match the size and the hash.
Xz allows you to insert as much garbage inside the file as you want. Xz
is an ideal vector for malware because it is strict with the envelope
but lax with the message.

I have no experience at all rigging tarballs, but it took me just
minutes to obtain two xz compressed tarballs with very different
contents that match in size and sum(1). I did it just with an editor,
ddrescue and data from /dev/urandom, by brute force, without any
knowledge about the algorithm of sum. And I did it not once, but twice.

The original tarballs are 1 and 2. 1b and 2b are the altered versions
yielding the same sum as the opposite original tarball:

-rw-r--r-- 1 10292 2015-08-07 11:52 collision1.tar.xz
-rw-r--r-- 1 10292 2015-08-07 13:32 collision1b.tar.xz
-rw-r--r-- 1 10292 2015-08-07 11:53 collision2.tar.xz
-rw-r--r-- 1 10292 2015-08-07 13:04 collision2b.tar.xz
$ sum collision*.tar.xz
42870 11 collision1.tar.xz
53341 11 collision1b.tar.xz
53341 11 collision2.tar.xz
42870 11 collision2b.tar.xz
$ xz -t collision*.tar.xz ; echo $?
0
$ tar -tf collision1.tar.xz ; echo $?
configure
0
$ tar -tf collision1b.tar.xz ; echo $?
configure
0
$ tar -tf collision2.tar.xz ; echo $?
Makefile
0
$ tar -tf collision2b.tar.xz ; echo $?
Makefile
0

If a weak hash is used, or if a way of creating hash collisions is
found, xz makes it easy to create altered tarballs with the same hash
and size. Just try to do the same with bzip2, gzip or lzip without
adding trailing garbage.

Best regards,
Antonio.
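The point about size plus a weak checksum, as an added example that is not part of the original message: a Python reimplementation of the 16-bit BSD checksum that sum(1) uses by default, showing that a same-size file with different content passes a size-and-sum check but fails a size-and-SHA-256 check. The sample data, the filler scheme and the function names are constructed for this illustration and do not involve the xz format.

```python
import hashlib

def bsd_sum(data: bytes, state: int = 0) -> int:
    """16-bit BSD checksum, the default algorithm of sum(1); resumable from state."""
    for byte in data:
        state = (state >> 1) | ((state & 1) << 15)  # rotate right by one bit
        state = (state + byte) & 0xFFFF
    return state

def sum_output(data: bytes) -> tuple:
    """The two columns sum(1) prints: checksum and size in 1 KiB blocks."""
    return bsd_sum(data), -(-len(data) // 1024)

def same_sum_variant(reference: bytes, other: bytes, filler_len: int = 16) -> bytes:
    """Pad `other` to the size of `reference`, then try pseudo-random filler
    bytes until the 16-bit checksum matches as well (about 2**16 tries)."""
    pad = len(reference) - len(other) - filler_len
    if pad < 0:
        raise ValueError("other must be at least filler_len bytes shorter")
    prefix = other + b"\0" * pad
    target, state = bsd_sum(reference), bsd_sum(prefix)
    for n in range(1 << 22):
        filler = hashlib.sha256(n.to_bytes(4, "big")).digest()[:filler_len]
        if bsd_sum(filler, state) == target:
            return prefix + filler
    raise RuntimeError("no match found in the search budget")

def verify(data: bytes, size: int, sha256_hex: str) -> bool:
    """Acceptance check a verifier should use: size plus a cryptographic hash."""
    return len(data) == size and hashlib.sha256(data).hexdigest() == sha256_hex

# Constructed sample data, not the tarballs from the message.
ORIGINAL = b"configure: constructed sample content\n" * 8
ALTERED = b"Makefile: constructed, different content\n"

if __name__ == "__main__":
    variant = same_sum_variant(ORIGINAL, ALTERED)
    print(sum_output(ORIGINAL), sum_output(variant))  # identical pairs
    good = hashlib.sha256(ORIGINAL).hexdigest()
    print(verify(ORIGINAL, len(ORIGINAL), good), verify(variant, len(ORIGINAL), good))
```

A 16-bit checksum leaves only 65536 possible values, so the search ends after a number of tries of that order whatever the content is.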