blog: SHA1 christmas spoiler

Discussion & Support for xplorer² professional

Moderators: fgagnon, nikos, Site Mods

User avatar
nikos
Site Admin
Site Admin
Posts: 14645
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

blog: SHA1 christmas spoiler

Post by nikos » 2015 Dec 20, 09:36

here's the comment area for today's blog post found at
http://zabkat.com/blog/code-signing-sha1-armageddon.htm
(for software developers and distributors)

wasker
Gold Member
Gold Member
Posts: 797
Joined: 2005 Oct 21, 16:33
Location: WA, USA
Contact:

Re: blog: SHA1 christmas spoiler

Post by wasker » 2015 Dec 20, 17:36

So, x2 runs all the way to 98, right? Do you actually test it on versions that old? Or even on XP SP3 for that matter? :wink:
I'm using Xplorer2 - the only file manager that does not suck. Actually, it rocks!

User avatar
nikos
Site Admin
Site Admin
Posts: 14645
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: SHA1 christmas spoiler

Post by nikos » 2015 Dec 21, 06:09

actually I do everytime in virtual machines. I cannot say that it is thorough testing but it is testing.

GertRijsGDP
New Member
Posts: 1
Joined: 2015 Dec 22, 07:44

Re: blog: SHA1 christmas spoiler

Post by GertRijsGDP » 2015 Dec 22, 07:45

Thanks for the warning Nikos.

Don
New Member
Posts: 1
Joined: 2015 Dec 23, 12:24

Re: blog: SHA1 christmas spoiler

Post by Don » 2015 Dec 23, 12:27

Yeah, thanks for the warning! Cool move.

kalons
New Member
Posts: 3
Joined: 2015 Dec 23, 13:49
Contact:

Re: blog: SHA1 christmas spoiler

Post by kalons » 2015 Dec 23, 13:52

The timestamp cert for your SHA256 cert will still be SHA1 when using that time stamp server. We won't know until Jan. 1 if that's a problem, but see here for a solution:

https://stackoverflow.com/questions/306 ... de-signing

User avatar
nikos
Site Admin
Site Admin
Posts: 14645
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: SHA1 christmas spoiler

Post by nikos » 2015 Dec 24, 06:20

if you pay close attention, a different timestamp server is used for sha2 signing, so there is no problem here. Also note the use of /td sha256

kalons
New Member
Posts: 3
Joined: 2015 Dec 23, 13:49
Contact:

Re: blog: SHA1 christmas spoiler

Post by kalons » 2015 Dec 24, 14:31

I realize that, but that timestamp server's certificate is SHA1. /td specifies the digest algorithm used by the server but doesn't determine the certificate of the server itself (read the linked article again -- the same question applies to http://timestamp.comodoca.com/rfc3161).

User avatar
nikos
Site Admin
Site Admin
Posts: 14645
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: SHA1 christmas spoiler

Post by nikos » 2015 Dec 27, 05:38

this server isn't https, so where does the SHA1 come into play? Anyway I am not an expert so If you know the "correct" timestamp server to use please let us know :xmas:

ps ok, I finally realize what you're talking about, the countersign is based on SHA1. I asked comodo about it and they don't have a straight answer. But it looks like one can use the globalsign timestamp server which understands SHA2

thanks for the tip, I will update the article

kalons
New Member
Posts: 3
Joined: 2015 Dec 23, 13:49
Contact:

Re: blog: SHA1 christmas spoiler

Post by kalons » 2015 Dec 28, 08:23

Correct -- I'm the person that answered the Stack Overflow question and was pointing out the same thing to you.

User avatar
nikos
Site Admin
Site Admin
Posts: 14645
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: SHA1 christmas spoiler

Post by nikos » 2015 Dec 29, 06:34

I've just heard from comodo that they are working to get the SHA2 countersign problem sorted "by the end of the year", we'll see!

dmcgloin
New Member
Posts: 3
Joined: 2016 Jan 06, 07:28

Re: blog: SHA1 christmas spoiler

Post by dmcgloin » 2016 Jan 06, 07:34

Thanks for the article.

I tried dual signing (SHA1 + SHA256) for a C# executable built with Visual Studio 2015.

The executable won't even launch on Windows 10 if the SHA1 signature is present.

So at least for binaries, it seems dual signing has limited/no value.

I expected older systems would look at the SHA1 certs while newer OS versions would know to look for the SHA256 signature.

So if you want to support older and newer OS versions, it seems like you have to distribute two copies of all your executables: 1 set signed using SHA1, the other signed using SHA256.

Also noting the beautiful irony that binaries without code signatures work flawlessly.

User avatar
nikos
Site Admin
Site Admin
Posts: 14645
Joined: 2002 Feb 07, 15:57
Location: UK
Contact:

Re: blog: SHA1 christmas spoiler

Post by nikos » 2016 Jan 06, 08:17

I was going to wait a few days for trying things out in 2016, but your post hastened me up :)
on my win10, I see no problem whatsoever, even new SHA1 signatures are not causing any bother
so either your system has an update that mine doesn't or you are doing your signatures differently
you can try my freshly dual signed program (run it as administrator to see what happens).
in the worst case I would have expected to see a warning, not a denial of execution!?
here is the download link (ignore the assertion errors :) http://www.zabkat.com/test/double2016.zip

ps. on second thought could your AV be the culprit?

pps. @kalons, comodo finally fixed their rfc3161 timestamp server as promised

dmcgloin
New Member
Posts: 3
Joined: 2016 Jan 06, 07:28

Re: blog: SHA1 christmas spoiler

Post by dmcgloin » 2016 Jan 07, 01:48

OK. I tried running the exe. After the assertions, I got a "core dumped" alert. Assuming this means the test passed :)

Anyway, I guess I don't know what's going on. I don't have any custom AV - just using built-in Windows 10. Had a colleague looking over my shoulder to make sure I wasn't doing something stupid.

Here's the heart of my signing script:

Code: Select all

set SignToolExe="%programfiles%\Windows Kits\8.1\bin\x86\signtool.exe"

set TimeStampServer="http://timestamp.verisign.com/scripts/timstamp.dll"
set TimeStampServerRFC3161="http://timestamp.geotrust.com/tsa"

echo Adding primary Authenticode signature using SHA1...
%SignToolExe% sign /sha1 3412942a2b84570fb5255e3234538fcd5243014c /fd sha1 /t %TimeStampServer% %1
if errorlevel 1 goto FAIL

echo Adding secondary Authenticode signature using SHA256...
%SignToolExe% sign /sha1 3412942a2b84570fb5255e3234538fcd5243014c /as /fd sha256 /tr %TimeStampServerRFC3161% %1
if errorlevel 1 goto FAIL

echo Verifying all Authenticode signatures...
%SignToolExe% verify /pa /a /all %1
if errorlevel 1 goto FAIL
I'm using Geotrust. Maybe that's a problem.

Going to experiment further. Will get back to you on this.

dmcgloin
New Member
Posts: 3
Joined: 2016 Jan 06, 07:28

Re: blog: SHA1 christmas spoiler

Post by dmcgloin » 2016 Jan 07, 02:11

Ran the same test and it worked this time: no problem launching exe.

Clearly I must have done something wrong, but I'm just not sure what.

In any case, it looks like dual-signing is likely fine.

Sorry for the confusion.

Post Reply