570
submitted 3 months ago by shoki@lemmy.world to c/linuxmemes@lemmy.world
top 50 comments
sorted by: hot top controversial new old
[-] cygnus@lemmy.ca 171 points 3 months ago

Is this one of those NFTs the kids are talking about?

[-] RecluseRamble@lemmy.dbzer0.com 66 points 3 months ago

It's actually quite similar. Non-fungible since only OP has the private key but easy to steal by just downloading the image (and cropping the key if you want).

[-] kionite231@lemmy.ca 63 points 3 months ago

Has anyone confirmed that signature? I think it's not possible to have the signature as a part of the data itself. Kinda chicken egg problem

[-] LeFrog@discuss.tchncs.de 75 points 3 months ago* (last edited 3 months ago)
[-] abfarid@startrek.website 23 points 3 months ago

I opened the comment section to ask if it was possible to have an image with its own hash.
Thanks.

[-] Natanael@slrpnk.net 13 points 3 months ago

It's using a combination of multicollision attacks against MD5 and sequences of groups of alternate blocks of data representing the alphabet encoded in a way compatible with the file format.

It's basically <[a+random]/[b+random]/[c+random]...> * (length of message). The random data is crafted by the attack tool so each block has the exact same effect on the MD5 hashing algorithm as it processes each block. You need to decide how many variable blocks you need and where and their encoding in advance. You encode the blocks so the randomness isn't visible in the final rendered file.

When you have that prepped, you compute the final hash, then at each block position you select the block representing the letter you want (and its associated random data). So then you can select letters matching the actual file hash value.

It only works against hash functions with practical multicollision attacks. Doesn't work on SHA256 and newer hashes.

[-] abfarid@startrek.website 11 points 3 months ago

I know some of these words. But I think I roughly understood the general idea. Thanks!

[-] Natanael@slrpnk.net 8 points 3 months ago

Tldr, modern hash algorithms process data in fixed size blocks. For MD5 you take 128 bits at a time.

The core function in a hash is a little scrambler function (permutation) that takes two different inputs and gives you a single output back.

So it starts with a fixed value built into the algorithm, and then scrambles the first block of the message with it. Then it takes that scrambled piece and mixes that with the next block of the message, then takes THAT scrambled piece and mixes it with the next block. And so on until the end of the message. The last scrambled piece is the hash value.

Collision attacks target that core function by figuring out how to tweak multiple messages so that their scrambler outputs "collide", ending up equal. So you can hash two tweaked messages and get the same hash value. These tweaks usually include a bunch of random looking bits to work.

Then for a multicollision we don't just do it for two messages. We do it for every letter in the alphabet. For a HTML document we encode something like a and repeat for every letter. Every letter gets a distinct random looking value. Then we have many documents with the same hash and one letter different. We can show you a hash and then pick which letter to present you with in the document. All of them checks out.

But then we repeat the attack. We add another whole alphabet right after the first one! Now we have a a. And because the second letter is in a different block, that works just fine! Adding a second letter don't change the first intermediate value, and you can attack the second intermediate value for the second letter separately. So you add the whole alphabet again (with new associated calculated garbage for every letter in the second position), and now after the second letter we have a new intermediate value which is the same regardless of which letter we pick in the second position.

So now we can independently pick a random letter in the first position and in the second position too! Every combination of two letters has the same hash because of the hidden calculated garbage after each letter!

Then we just repeat the multicollision attack on the whole alphabet over and over until your document is long enough to encode your message. And that message may include the document's own hash.

load more comments (2 replies)
[-] qprimed@lemmy.ml 11 points 3 months ago* (last edited 3 months ago)

md5 has been broken for years, but thats pretty damn ~~cool~~ scary.

[-] Manifish_Destiny@lemmy.world 9 points 3 months ago

Yeah that only due to md5 hash collisions though. That wouldn't work on sha for example

[-] shoki@lemmy.world 24 points 3 months ago* (last edited 3 months ago)

*whispers* I stole that signature from cryptostorms warrant canary: https://cryptostorm.is/canary.txt

[-] Morphit@feddit.uk 8 points 3 months ago
[-] noxy@yiffit.net 2 points 3 months ago

oh wow, cryptostorm is still around? cool!

[-] Steamymoomilk@sh.itjust.works 9 points 3 months ago

Hold on I gotta pgp sign my PGP sign so my pgp is signed and I know who it came from.

[-] rivvvver@lemmy.dbzer0.com 5 points 3 months ago* (last edited 3 months ago)

yea would be interesting. but im also too lazy to type all that text in by hand to verify

[-] cheezoid2@sh.itjust.works 13 points 3 months ago

Here:

iQIzBAEBCgAdFiEETYf5hKIig5JX/jalu9uZGunHyUIFAmaB8YEACgkQu9uZGunH yUKi7Q/+OJPzHWfGPtzk53KnMJ3C8KQGEUCzKkSKmE0ugdI 9h1Lj4SkvHpKWECK Y1GxNujMPRM/aAS2M97AEbtYolenWzgYm01wt131/hEG4tk+iYeB2Sfyvngbg5KI y4D7mapcVWYSf6S13vUX8VuyKeTxK6xdkp95E0wPVLfJwx505nHOnjLXxeW0IblY URLonem/yuBrJ6Ny3XX9+sKRKcdI9tOghMhTxPcQySXcTx1pAG7YE7G5UqTbJxis wy7LbYZB5Yy0F03CtRIkA+cclG4y2RMM9M9buHzXTWCyDuoQao68yEVh40dqwH1U 5AUnqdve5SiwygF/vc50Ila6VjJ4hyz1qVQnjqqD96p7CSVzVudLDDZMQZ8WvgLh gaEr51xJvH6p6/CP1ji4HHucbJf6BhtSqc8ID9KFfaXxjfZHiUtgsVDYMV0e7u9v 1hcDH/3kmw/JImX25qsEsBeQyzOJsBvx0YD31ZIwSY9+7KNGVQstFrEvCuVPHr72 BQJPIhg3+9g6m36+9Uhs1N6b8G9DsZ60gnNqr9dGturUg6CtRsLSpqoZq0ET9cLA tnFTJDaXgx1DZnsLGDSoQQYjZ3vS+YYZ8jG86KGLEyXVK+uSssvorm9YR1/GGOy7 suaxro72An+MxCczF5TIR9n3gisKvcwa8ZbdoaGd9cigyzWlYg8= =EgZm

[-] Morphit@feddit.uk 3 points 3 months ago
----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETYf5hKIig5JX/jalu9uZGunHyUIFAmaB8YEACgkQu9uZGunH
yUKi7Q/+OJPzHWfGPtzk53KnMJ3GC8KQGEUCzKkSKmE0ugdI9h1Lj4SkvHpKWECK
Y1GxNujMPRM/aAS2M97AEbtYolenWzgYmO1wt131/hEG4tk+iYeB2Sfyvngbg5KI
y4D7mqpcVWYSf6S13vUX8VuyKeTxK6xdkp95E0wPVLfJwx5o5nH0njLXxeW0IblY
URLonem/yuBrJ6Ny3XX9+sKRKcdI9tOqhMhTxPcQySXcTx1pAG7YE7G5UqTbJxis
wy7LbYZB5Yy0FO3CtRIkA+cclG4y2RMM9M9buHzXTWCyDuoQao68yEVh4OdqwH1U
5AUnqdve5SiwygF/vc50Ila6VjJ4hyz1qVQnjqqD96p7CSVzVudLDDZMQZ8WvqLh
qaFr51xJvH6p6/CP1ji4HHucbJf6BhtSqc8ID9KFfaXxjfZHiUtgsVDYMV0e7u9v
lhcDH/3kmw/JImX25qsEsBeQyzOJsBvxOYD3lZrwSY9+7KNGVQstFrEvCuVPHr72
BQJPIhg3+9g6m36+9Uhs1N6b8G9DsZ6OgnNqr9dGturUg6CtRsLSpqoZq0FT9cLA
tnFTJDaXgx1DZnsLGDSoQQYjZ3vS+YYZ8jG86KGLFyXVK+uSssvorm9YR1/GGOy7
suaxro72An+MxCczF5TIR9n3gisKvcwa8ZbdoaGd9cigyzWlYg8=
=EgZm
----END PGP SIGNATURE-----
[-] Ziglin@lemmy.world 5 points 3 months ago

It might be possible to keep signing with a different key until it matches. But I assume the signature is of the above text.

[-] Natanael@slrpnk.net 4 points 3 months ago* (last edited 3 months ago)

I mean if you're prepared to do it 2^128 times in a row...

load more comments (1 replies)
[-] Natanael@slrpnk.net 2 points 3 months ago

You can but you need to define what part of the data the signature covers (a signature can't sign itself, so it must be excluded from the data bundle). Signed PDF files has the signature appended after the document data

[-] shoki@lemmy.world 4 points 3 months ago

Exactly. And even though there are message start and end markers it's not quite clear at which pixel the signed image starts and ends. Also the image format that is signed is not defined.

load more comments (1 replies)
[-] dan@upvote.au 36 points 3 months ago

PGP? Surely you mean GnuPG.

[-] Hawke@lemmy.world 43 points 3 months ago

(Open)PGP is the protocol, GPG is just one application that implements it.

[-] dan@upvote.au 7 points 3 months ago

Right. OpenPGP is the protocol. PGP is the original app, which predates the spec.

[-] magi@lemmy.blahaj.zone 3 points 3 months ago* (last edited 3 months ago)

Did you actually have to acksually this though? Every mom and their cat simply calls it pgp

[-] dan@upvote.au 1 points 3 months ago* (last edited 3 months ago)

PGP is a different piece of software though. Would you refer to Firefox as "Chrome" because both of them can use the same protocol (HTTP)?

This reminds me of my parents referring to every games console as a "PlayStation" lol

[-] Morphit@feddit.uk 3 points 3 months ago

Except PGP is a substring of the 'technically correct' term. It's like someone saying you're playing on your Nintendo - "Um, actually it's a Nintendo 64."

[-] Xylight 4 points 3 months ago

Those names get really really confusing. I used GPG to use a PGP key. I get mixed up too much.

[-] Hawke@lemmy.world 4 points 3 months ago

I have little trouble myself but I have an “advantage”:

[-] shoki@lemmy.world 18 points 3 months ago

Yeah, you're right. Who thought that it was a good idea to name two things that mean a similar thing PGP and GPG? It is so easy to use the wrong one..

[-] pennomi@lemmy.world 12 points 3 months ago

I try to keep things simple by only using GGG or PPP.

[-] Feathercrown@lemmy.world 4 points 3 months ago
[-] shoki@lemmy.world 3 points 3 months ago

more like GPG's not PGP

[-] Natanael@slrpnk.net 5 points 3 months ago

Pretty Good Privacy (proprietary original)

GNU Privacy Guard (open source clone)

OpenPGP is the shared spec

[-] jelloeater85@lemmy.world 5 points 3 months ago

Oh not this again... 😂

[-] AVincentInSpace@pawb.social 33 points 3 months ago

How would I verify this signature

[-] Petter1@lemm.ee 14 points 3 months ago
[-] magi@lemmy.blahaj.zone 7 points 3 months ago
[-] eleitl@lemm.ee 6 points 3 months ago

Which blob are you verifying?

[-] AVincentInSpace@pawb.social 3 points 3 months ago

What about getting the image

[-] possiblylinux127@lemmy.zip 19 points 3 months ago* (last edited 3 months ago)

1000002713

I hid something in this image

[-] tourist@lemmy.world 14 points 3 months ago

I see that fifth puppy u aint slick

[-] Jerkface@lemmy.world 4 points 3 months ago* (last edited 3 months ago)

What if I told you..? That's right. Six puppies.

[-] atx_aquarian@lemmy.world 4 points 3 months ago

Seriously? Some steganography going on in here?

[-] possiblylinux127@lemmy.zip 4 points 3 months ago

Yes

Its an app on F-droid

[-] blindbunny@lemmy.ml 6 points 3 months ago

Green is my pepper! 🫑

[-] JackbyDev@programming.dev 5 points 3 months ago

Just noticed the pepper stamp lol.

load more comments
view more: next ›
this post was submitted on 25 Jul 2024
570 points (98.5% liked)

linuxmemes

21197 readers
51 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS