Coffeehouse Thread

4 posts

Signed Assemblies - "crackable"??

  • prog_dotnet

    This is an interesting one.

    Valery Pryamikov writes in his blog that strong names do not provide a high level of security.

    http://www.harper.no/valery/PermaLink,guid,cffad195-7b79-4969-85d6-ccfee64d4eab.aspx

    I don't agree with him. What do you think?

    I would argue that strong names combined with other techniques do provide strong security. As such, strong names (private/public key) are one of the building blocks of the security design in .NET.

    You have the StrongNameIdentityPermission class, which requires the caller to provide a specific public key to access an external module. You generate a public/private key that you use to sign all of your components and controls. Someone who wants to use the component or control presents the public key as evidence that they're granted access. Once the CLR determines the public key is valid, the caller accesses the code as usual.

    Extending this method of thinking, you could include 2 sets of security checks. First, you look for the public key assigned to the application. This check overcomes the problem of someone using another key to sign your application. Second, you look at the hash value of the program. Even if someone should decide to replace your public key value with the new ones for their key, replicating the hash value is extremely hard. In addition, you can even use the SHA-512 hash algorithm (requires a 64-bit processor).

    This two-phase check increases the security of your program at a very modest cost in startup time.

    It doesn't cost any performance once the program is running, nor does it cause the program to use any more resources. However, it's possible that a cracker could overcome both checks. All the cracker would need to do is add a new public key and create a new hash value for the registry. But the cracker needs access to the code. If you protect it with Dotfuscator or some other tools, your code will have a damn good security design.
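The two-phase check described in the post above, sketched as an added example that is not part of the thread or any poster's code. It assumes the pinned public key and SHA-512 digest are hex strings kept outside the component being checked (the post mentions the registry); the class name `ComponentCheck` and the command-line layout are hypothetical.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;

static class ComponentCheck
{
    static string Hex(byte[] b)
    {
        return BitConverter.ToString(b).Replace("-", "");
    }

    // Phase 1: the public key recorded in the assembly manifest must equal the pinned key.
    // GetAssemblyName reads the manifest without loading the assembly into the process.
    static bool PublicKeyMatches(string path, string pinnedKeyHex)
    {
        try
        {
            byte[] key = AssemblyName.GetAssemblyName(path).GetPublicKey();
            return key != null && key.Length > 0 &&
                   string.Equals(Hex(key), pinnedKeyHex, StringComparison.OrdinalIgnoreCase);
        }
        catch (BadImageFormatException)
        {
            return false; // not a managed assembly: fail closed
        }
    }

    // Phase 2: the SHA-512 digest of the file on disk must equal the pinned digest.
    static bool FileHashMatches(string path, string pinnedSha512Hex)
    {
        using (SHA512 sha = SHA512.Create())
        using (FileStream fs = File.OpenRead(path))
        {
            return string.Equals(Hex(sha.ComputeHash(fs)), pinnedSha512Hex,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: ComponentCheck <assembly> <pinned-key-hex> <pinned-sha512-hex>");
            return 2;
        }
        bool ok = PublicKeyMatches(args[0], args[1]) && FileHashMatches(args[0], args[2]);
        Console.WriteLine(ok ? "component accepted" : "component rejected");
        return ok ? 0 : 1;
    }
}
```

Both phases end in a comparison made by the checking program itself, so the result is only as trustworthy as that program and the place the pinned values are stored.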

  • lars

    "What will be your actions in case if private key used for generation of that strong name become compromised?"

    You better make sure it isn't. The secret key must per definition be kept a secret. Doesn't really matter how you go about it, if someone steals your keys you're toast.

    "RSA analyze of TWIRL computer architecture shown that theoretic $10 million TWIRL computer [...] requires about a year to break single 1024 bits RSA key."

    Come on. If someone wants it that bad there are more cost-effective ways of obtaining the secret key. Plumbers for instance. :)

    I'm not quite sure what kind of protection his code needs. But I think 1024 bits will go a long way protecting my code.

    /Lars.

  • prog_dotnet

    Strong names are not security related (part II)

    http://www.harper.no/valery/PermaLink,guid,06e4bedb-af7a-4b89-8f9e-c20e524a75a7.aspx

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&selm=eVPWNRXTEHA.3616%40TK2MSFTNGP11.phx.gbl

    Valery also posted the following comments in the Norwegian .NET user group:

    - about crackers - the only thing they actually need to do is to replace conditional jumps with unconditional jumps for both of your checks. And that is an easy and automated task - there are tools that allow replacing one or more conditional jumps with unconditional jumps for x86 code that could be freely downloaded on the internet. I would be surprised if there is no managed equivalent.

    - comment about obfuscators, crackers and conditional jumps - as I already said earlier - all a cracker needs to do is to replace conditional jumps with unconditional jumps, and no obfuscator actually helps here; regardless of how obfuscators are implemented, they would need conditional jumps for performing both of your checks...

  • ZippyV

    lars wrote:
    "What will be your actions in case if private key used for generation of that strong name become compromised?"
    You better make sure it isn't. The secret key must per definition be kept a secret. Doesn't really matter how you go about it, if someone steals your keys you're toast.

    /Lars.

    Indeed. If you know the company UD (United Devices, they are using distributed computing to help find a cure for cancer), they've explained how they kept their program and updates secure. For example, only signed updates are downloaded by the agent program a user is running on their computer. But if the programmer needs to retrieve the private key, 2 managers with a special (physical) key need to open the vault, which has very thick walls.
