suB
Banido
xbox-scene.com disse:>> From it.slashdot.org:
From Bruce Schneier's weblog: 'SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results...'" Note, though, that Schneier also writes "The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team."
Why this article on an Xbox site? Well, Microsoft's Xbox game console relies on the security of, among others, SHA-1. It would not allow to just directly sign any XBE you want, as XBE's are signed with RSA. This RSA signature only signs the XBE header, so nothing can be changed there. But all 'sections' (part of XBE containing the program) could be changed as long as all sections keep the same size and the same SHA-1. So it might be possible to take an already MS-signed XBE and write a section that does 'what we want' (example: load another BIOS, install a SW exploit, ...) that's smaller then the original section and 'fill it up' so it matches the original size and SHA-1. That's where this news comes in. If this paper is real it would probably still require lots of CPU power (2**69 hash operations?) to find a 'collisions' (match), but a lot less then before (2**80 operations?) anyway.
O q eu entendi disto, em relaçao à xbox, é a possibilidade de enganar a X e pensar q está a ler mesmo um original. O resto fica para a vossa imaginação