{"id":42,"date":"2005-02-19T18:57:00","date_gmt":"2005-02-20T01:57:00","guid":{"rendered":"http:\/\/www.elbeno.com\/blog\/?p=42"},"modified":"2007-07-29T13:21:22","modified_gmt":"2007-07-29T20:21:22","slug":"sha-1-followup","status":"publish","type":"post","link":"https:\/\/www.elbeno.com\/blog\/?p=42","title":{"rendered":"SHA-1 Followup"},"content":{"rendered":"<p>More re the SHA-1 result:<\/p>\n<ul>\n<li>Around $30M (give or take a few million) should build you a machine to find a collision in a few days.<\/li>\n<li>What previously took (say) the NSA 40 years to figure out now takes about a week.<\/li>\n<li>A second preimage attack is theoretically 2<sup>106<\/sup>, according to a Schneier paper.<\/li>\n<\/ul>\n<p>If a registered game developer conspires with the XBox linux guys, the birthday attack (2<sup>69<\/sup>) is quite possible. Actually this raises an interesting point similar to the Nintendo vs Codemasters wrangles of the late 80s (if I&#8217;m remembering that correctly). Imagine you are a big publisher that has its own manufacturing processes and doesn&#8217;t want to rely on MS. Here&#8217;s what you do (would this work?):<\/p>\n<ol>\n<li>Spend around $30m to get a machine to find a collision. (Expensive, but $30m isn&#8217;t so much more than the cost of developing a big title &#8211; depends what this is worth to you).<\/li>\n<li>Write 2 XBEs &#8211; one is a game you have in dev, one is a generic loader program.<\/li>\n<li>Make it so that the SHA-1 hashes of the 2 XBEs collide. (Assumedly not too hard; use the machine, and adjust a bit of random padding on both until you get a collision.)<\/li>\n<li>Publish the game as normal through MS. They sign the game. But the crucial point is that the same signature that is now on the game will also fool a retail XBox into loading your generic loader program.<\/li>\n<li>Job done &#8211; you now have a loader program that you can use to run any game, without having to submit anything else to MS. Let the legal battles begin&#8230;<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>More re the SHA-1 result: Around $30M (give or take a few million) should build you a machine to find a collision in a few days. What previously took (say) the NSA 40 years to figure out now takes about a week. A second preimage attack is theoretically 2106, according&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,9],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-games","category-windows"],"_links":{"self":[{"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42"}],"version-history":[{"count":0,"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.elbeno.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}