Comments on: Playing With Authenticode and MD5 Collisions

By: Playing With Authenticode and MD5 Collisions | Didier Stevens « Petroaudios's Blog

Sun, 20 Nov 2011 13:15:25 +0000

[...] With Authenticode and MD5 Collisions | Didier Stevenshttp://blog.didierstevens.com/2009/01/17/playing-with-authenticode-and-md5-collisions/Share this:TwitterFacebookLike this:LikeBe the first to like this post. [...]

By: Adam

Adam — Mon, 29 Nov 2010 10:49:02 +0000

MD5 has been cryptographically weak for a long time, thats why i built my online md5 cracker - hashhack.com to put pressure on the industry to stop using it all together. Its just not secure anymore. Great blog - keep up the good work

By: Wampiryczny blog

Wampiryczny blog — Thu, 26 Aug 2010 06:48:19 +0000

Skąd pochodzi podpisany kod…

W zamierzchłych czasach pojawiły się pierwsze informacje o malware, który był cyfrowo podpisany. Zdziwienie związane z tym faktem skomentowałem we wpisie Kapcie z nóg… czyli po co podpisywać programy. Pisałem wówczas, że podpisy cyfrowe określają źró…

By: David

David — Sat, 20 Feb 2010 10:20:12 +0000

Hi guys, Great post by the day! For some of you looking for an online encoder, check this online md5 converter Pretty Cool! David

By: 3medya Blog » Blog Archive » MD5 Collision Demo

3medya Blog » Blog Archive » MD5 Collision Demo — Mon, 02 Nov 2009 10:10:45 +0000

[...] Stevens used the evilize program (below) to create two different programs with the same Authenticode digital signature. Authenticode is Microsoft’s code signing mechanism, and although it uses SHA1 by default, it [...]

By: Criza algoritmilor de criptare? « 0×30 0×20 0×61 0×6e 0×64 0×20 0×31

Sat, 31 Jan 2009 09:34:41 +0000

[...] asta nu a fost tot. Didier Stevens s-a gandit sa treaca la nivelul urmator. Asa ca s-a folosit de scula celor de la Microsoft (special [...]

By: SecurityGuy.org » Blog Archive » Playing With Authenticode and MD5 Collisions - The IT Security Blog

Sun, 25 Jan 2009 15:34:26 +0000

[...] http://blog.didierstevens.com/2009/01/17/playing-with-authenticode-and-md5-collisions/ [...]

By: Didier Stevens

Didier Stevens — Wed, 21 Jan 2009 07:42:01 +0000

In general, for a new development, design your system for “easy” swap-out of the hashing function. Take one of the SHA2 functions, and in a couple of years, switch to the new SHA3 standard.

Can you give more details of your performance requirements?

By: Didier Stevens

Didier Stevens — Wed, 21 Jan 2009 07:37:08 +0000

Thanks Thierry!

By: Thierry Zoller

Thierry Zoller — Tue, 20 Jan 2009 23:39:28 +0000

Great work Didier, thanks for investing time to explain it step by step.