[Dailydave] Some Sums
Joanna Rutkowska
joanna at invisiblethings.org
Mon Feb 5 14:44:04 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Halvar Flake wrote:
> I admit that strictly speaking I have abused DD with the last mail.
> What about a general, publically archived mailing list where
> people can post hashes of results to follow up later ? Anyone who
> has read the matasano blog recently (Ptacek/Rutkowska debate) would
> tend to agree that we need something like this.
>
And what would that change, really, if I posted today a hash of our
(because now, there's also Alex and Edgar working on Blue Pill) recent
achievements in Blue Pill development (e.g. generic ways to resist
direct timing analysis using trusted external clocks)?
Ok, true, we're planning to give a presentation later this year on this
subject and that would be cool if nobody else gave something similar
before us, but does that mean we should "buy an insurance" today for
"being the first"?
Sure, it's cool to be the first person who publicly presents something.
And all the press spotlight is cool too. But at some point, we can
easily get into absurd I think...
If somebody else gave a similar presentation before me, I could only
used it as an argument to support my thesis (in this very example, that
CPU vendors should provide a documented way to detect the presence of
h/w hypervisors).
I'm not judging Halvar, who I consider to be a great researcher, but
it's almost a new trend now - Tom Ptacek published some mysterious hash
in order to convince mankind that it should not be worried of hardware
virtualization malware, now Halvar, who's next? And what's the real
goal? To show off that "I'm better then others"? Or am I missing something?
BTW, as both MD5 and SHA1 are considered broken these days, I wonder how
difficult would it be to prepare some other file matching Halvar's or
Tom's signatures? How about we start a little contest? I will buy a
dinner to the first person (at a conference that we both attend) who
creates a document matching Tom Ptacek's hash, which is here:
http://www.matasano.com/log/680/detecting-virtualized-rootkits/
(the way of creating a matching file should be documented)
I assume it would be easier to break Tom's hash as he only posted SHA1,
while Halvar, apparently anticipating something, published both SHA1 and
MD5.
joanna.
-----BEGIN PGP SIGNATURE-----
iD8DBQFFx4kDORdkotfEW84RAjuEAKDgwvMP6yRxelMQFW01VnGp5NiRJgCg5j8F
8SnNprRjcx9XuDNROHwyQOc=
=/HEp
-----END PGP SIGNATURE-----
More information about the Dailydave
mailing list