blog: SHA1 christmas spoiler
blog: SHA1 christmas spoiler
here's the comment area for today's blog post found at
http://zabkat.com/blog/code-signing-sha1-armageddon.htm
(for software developers and distributors)
Re: blog: SHA1 christmas spoiler
So, x2 runs all the way to 98, right? Do you actually test it on versions that old? Or even on XP SP3 for that matter?
I'm using Xplorer2 - the only file manager that does not suck. Actually, it rocks!
Re: blog: SHA1 christmas spoiler
actually I do every time in virtual machines. I cannot say that it is thorough testing but it is testing.
Re: blog: SHA1 christmas spoiler
Thanks for the warning Nikos.
Re: blog: SHA1 christmas spoiler
Yeah, thanks for the warning! Cool move.
Re: blog: SHA1 christmas spoiler
The timestamp cert for your SHA256 cert will still be SHA1 when using that time stamp server. We won't know until Jan. 1 if that's a problem, but see here for a solution:
https://stackoverflow.com/questions/306 ... de-signing
Re: blog: SHA1 christmas spoiler
if you pay close attention, a different timestamp server is used for sha2 signing, so there is no problem here. Also note the use of /td sha256
Re: blog: SHA1 christmas spoiler
I realize that, but that timestamp server's certificate is SHA1. /td specifies the digest algorithm used by the server but doesn't determine the certificate of the server itself (read the linked article again -- the same question applies to http://timestamp.comodoca.com/rfc3161).
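The distinction drawn in the post above, as an added example that is not part of the original thread: a minimal RFC 3161 TimeStampReq built and parsed by hand. It assumes `/td` selects the hash named in the request's messageImprint; the helper names and the constructed input bytes are illustrative.

```python
import hashlib

# DER-encoded OID bodies for the two digest algorithms discussed in the thread
OIDS = {"sha1": bytes.fromhex("2b0e03021a"),
        "sha256": bytes.fromhex("608648016503040201")}

def tlv(tag, body):
    """Encode one DER element (short-form length, enough for this request)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def build_timestamp_req(data, alg):
    """TimeStampReq ::= SEQUENCE { version, messageImprint, certReq }."""
    digest = hashlib.new(alg, data).digest()
    alg_id = tlv(0x30, tlv(0x06, OIDS[alg]) + tlv(0x05, b""))
    imprint = tlv(0x30, alg_id + tlv(0x04, digest))
    return tlv(0x30, tlv(0x02, b"\x01") + imprint + tlv(0x01, b"\xff"))

def read_tlv(buf, pos=0):
    """Return (tag, body, next position) for the element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def describe_req(der):
    """List what the request actually carries."""
    _, body, _ = read_tlv(der)
    _, version, pos = read_tlv(body)
    _, imprint, pos = read_tlv(body, pos)
    _, alg_id, ipos = read_tlv(imprint)
    _, oid, _ = read_tlv(alg_id)
    _, digest, _ = read_tlv(imprint, ipos)
    other = []
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        other.append(tag)
    name = next(k for k, v in OIDS.items() if v == oid)
    return {"version": version[0], "imprint_alg": name,
            "digest_len": len(digest), "other_tags": other}

if __name__ == "__main__":
    # Constructed input standing in for the signature bytes being timestamped
    print(describe_req(build_timestamp_req(b"constructed signature bytes", "sha256")))
```

The request names only the hash of the data to be stamped; no field selects the certificate the timestamp authority signs with, so that has to be checked on the returned token.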
Re: blog: SHA1 christmas spoiler
this server isn't https, so where does the SHA1 come into play? Anyway I am not an expert so if you know the "correct" timestamp server to use please let us know
ps ok, I finally realize what you're talking about, the countersign is based on SHA1. I asked comodo about it and they don't have a straight answer. But it looks like one can use the globalsign timestamp server which understands SHA2
thanks for the tip, I will update the article
Re: blog: SHA1 christmas spoiler
Correct -- I'm the person that answered the Stack Overflow question and was pointing out the same thing to you.
Re: blog: SHA1 christmas spoiler
I've just heard from comodo that they are working to get the SHA2 countersign problem sorted "by the end of the year", we'll see!
Re: blog: SHA1 christmas spoiler
Thanks for the article.
I tried dual signing (SHA1 + SHA256) for a C# executable built with Visual Studio 2015.
The executable won't even launch on Windows 10 if the SHA1 signature is present.
So at least for binaries, it seems dual signing has limited/no value.
I expected older systems would look at the SHA1 certs while newer OS versions would know to look for the SHA256 signature.
So if you want to support older and newer OS versions, it seems like you have to distribute two copies of all your executables: 1 set signed using SHA1, the other signed using SHA256.
Also noting the beautiful irony that binaries without code signatures work flawlessly.
Re: blog: SHA1 christmas spoiler
I was going to wait a few days for trying things out in 2016, but your post hastened me up
on my win10, I see no problem whatsoever, even new SHA1 signatures are not causing any bother
so either your system has an update that mine doesn't or you are doing your signatures differently
you can try my freshly dual signed program (run it as administrator to see what happens).
in the worst case I would have expected to see a warning, not a denial of execution!?
here is the download link (ignore the assertion errors) http://www.zabkat.com/test/double2016.zip
ps. on second thought could your AV be the culprit?
pps. @kalons, comodo finally fixed their rfc3161 timestamp server as promised
Re: blog: SHA1 christmas spoiler
OK. I tried running the exe. After the assertions, I got a "core dumped" alert. Assuming this means the test passed
Anyway, I guess I don't know what's going on. I don't have any custom AV - just using built-in Windows 10. Had a colleague looking over my shoulder to make sure I wasn't doing something stupid.
Here's the heart of my signing script:
Code:
rem signtool location and the two timestamp servers: legacy Authenticode (/t) and RFC 3161 (/tr)
set SignToolExe="%programfiles%\Windows Kits\8.1\bin\x86\signtool.exe"
set TimeStampServer="http://timestamp.verisign.com/scripts/timstamp.dll"
set TimeStampServerRFC3161="http://timestamp.geotrust.com/tsa"
echo Adding primary Authenticode signature using SHA1...
%SignToolExe% sign /sha1 3412942a2b84570fb5255e3234538fcd5243014c /fd sha1 /t %TimeStampServer% %1
if errorlevel 1 goto FAIL
echo Adding secondary Authenticode signature using SHA256...
rem /as appends this signature instead of replacing the primary one
%SignToolExe% sign /sha1 3412942a2b84570fb5255e3234538fcd5243014c /as /fd sha256 /tr %TimeStampServerRFC3161% %1
if errorlevel 1 goto FAIL
echo Verifying all Authenticode signatures...
%SignToolExe% verify /pa /a /all %1
if errorlevel 1 goto FAIL
goto :EOF
:FAIL
rem Target of the goto FAIL branches above: a signtool step returned a non-zero exit code
exit /b 1
I'm using Geotrust. Maybe that's a problem.
Going to experiment further. Will get back to you on this.
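A check for dual-signing scripts like the one in the post above, written here as an added example and not taken from the thread or the blog: it reads the `signtool sign` lines and reports a SHA256 signature that is not timestamped with `/tr` plus `/td sha256`, or a later signature that lacks `/as`. The finding codes, function names and sample file name are made up for the example.

```python
import shlex

TAKES_VALUE = {"/sha1", "/fd", "/t", "/tr", "/td"}

# Constructed sample: the script's two sign commands with the batch variables
# expanded by hand and a placeholder in place of the certificate thumbprint.
SAMPLE = """\
signtool sign /sha1 THUMBPRINT /fd sha1 /t http://timestamp.verisign.com/scripts/timstamp.dll app.exe
signtool sign /sha1 THUMBPRINT /as /fd sha256 /tr http://timestamp.geotrust.com/tsa app.exe
"""

def parse_sign(line):
    """Return {option: value} for a 'signtool sign' line, None for any other line."""
    toks = shlex.split(line, posix=False)
    low = [t.lower() for t in toks]
    if "sign" not in low:
        return None
    opts, i = {}, low.index("sign") + 1
    while i < len(toks):
        if low[i] in TAKES_VALUE and i + 1 < len(toks):
            opts[low[i]] = low[i + 1]
            i += 2
        else:
            if low[i].startswith("/"):
                opts[low[i]] = True
            i += 1
    return opts

def lint(script):
    """Return (command number, finding code) pairs for the sign commands in a script."""
    cmds = [o for o in map(parse_sign, script.splitlines()) if o is not None]
    findings = []
    for n, o in enumerate(cmds, 1):
        if n > 1 and "/as" not in o:
            findings.append((n, "NO_APPEND"))          # would replace the earlier signature
        if o.get("/fd") == "sha256":
            if "/tr" not in o:
                findings.append((n, "NO_RFC3161"))     # /td only applies together with /tr
            elif o.get("/td") != "sha256":
                findings.append((n, "TD_NOT_SHA256"))  # timestamp digest not requested as SHA256
    if not any(o.get("/fd") == "sha256" for o in cmds):
        findings.append((0, "NO_SHA256_SIGNATURE"))
    return findings

if __name__ == "__main__":
    for n, code in lint(SAMPLE):
        print(f"sign command {n}: {code}")
```

This looks only at the options passed to signtool; the algorithm of the timestamp server's own certificate, raised earlier in the thread, is not visible from the command line.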
Re: blog: SHA1 christmas spoiler
Ran the same test and it worked this time: no problem launching exe.
Clearly I must have done something wrong, but I'm just not sure what.
In any case, it looks like dual-signing is likely fine.
Sorry for the confusion.