[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft Authenticode key security



Peter Trei wrote:
 
> Really guys, If you want to attack Authenticode (and I personally
> consider it a bandaid on a dangerous system), then stealing or
> buying the key is not the approach to take.
> 
> I see two possible approaches to prove it's weakness.
> 
> 1. If they are using RSA, factor the public key. This depends on it's
> length. Considering the amount of cpu people seem to be able to
> muster for distributed cracks, etc, I suspect that 512 bit keys will
> soon be vulnerable (equiv = RSA 155).

  After having done a complete analysis of all the factors involved, 
I have determined that Authenticode could be cracked by the CypherPunks
in less than 72 hours by refraining from using the word 'cocksucker'
in our postings and devoting the saved CPU cycles to the crack.
-- 
Toto
http://bureau42.base.org/public/xenix/xenbody.html