Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

  • Please log in to reply
2 replies to this topic

#1 NickAu


    Bleepin' Fish Doctor

  • Moderator
  • 13,570 posts
  • Gender:Male
  • Location: Australia
  • Local time:11:29 PM

Posted 05 November 2014 - 03:50 PM


Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft's Windows Update mechanism.

Nathaniel McHugh ran open source software known as HashClash to modify two separate images—one of them depicting funk legend James Brown and the other R&B singer/songwriter Barry White—that generate precisely the same MD5 hash, e06723d4961a0a3f950e7786f3766338. The exercise—known in cryptographic circles as a hash collision—took just 10 hours and cost only 65 cents plus tax to complete using a GPU instance on Amazon Web Service. In 2007, cryptography expert and HashClash creator Marc Stevens estimated it would require about one day to complete an MD5 collision using a cluster of PlayStation 3 consoles.


Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud





BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:29 AM

Posted 05 November 2014 - 06:32 PM


"So I guess the message to take away here is that MD5 is well and truly broken," McHugh wrote in a blog post headlined How I created two images with the same MD5 hash. "Whilst the two images have not shown a break in the pre-image resistance, I cannot think of a single case where the use of a broken cryptographic hash function is an appropriate choice."

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Billy_Parts


  • Members
  • 19 posts
  • Local time:06:29 AM

Posted 30 January 2015 - 01:33 AM

So, am I correct in interpreting this to mean that the system files for Windows Update can be copied such that they have the same MD5 hash, which I assume is some form of unique identification?  It's not encryption, is it?


To the Windows Update, what about the sizes of the two files (legit vs. fake)?  Will they be the same also?  Is there some kind of relationship between MD5 and file size?  What about file file "signing"?  Is that the same as the MD5, or is it different?  That's the primary point of this, as it pertains/applies to Windows Update?  Why is Windows Update singled-out?  If malware authors can fake MD5 "whatever", they could do it to any system file.  What makes Windows Update so special that it gets singled-out as being particularly erm,... "vulnerable"?  Why not fake certain system files in Internet Explorer, or something else?  What's the big deal about Windows Update?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users