Re: Signed assemblies easily cracked?
From: Nicole Calinoiu (calinoiu)
Date: 11/25/04
- Previous message: Anna via DotNetMonster.com: "Re: Unknown failure in RSACyptoServiceProvider.Decrypt() on Win98"
- Maybe in reply to: jc: "Signed assemblies easily cracked?"
- Next in thread: Valery Pryamikov: "Re: Signed assemblies easily cracked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Nov 2004 12:15:41 -0500
"Frank Wallwitz" <Frank.Wallwitz@t-online.de> wrote in message
news:OmsAyvL0EHA.3976@TK2MSFTNGP09.phx.gbl...
> I would not call it a bug.
Interesting. The documentation on strong name use by the .NET Framework
would strongly suggest that at least one somebody at Microsoft might
disagree with you on this one. (See, for example,
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconstrong-namedassemblies.asp.)
> It's simply the way Microsoft has implemented the
> verification of sn-signed assemblies.
Obviously, but just because it shipped this way doesn't mean it's not a bug
in either design or implementation.
> In the end, there must be a flag, or some code somewhere inside the
> assembly
> telling the framework that it is strong named or whatever.
It doesn't have to be a separate flag. The presence of the strong name
signature in a reserved position should be a sufficient, self-contained flag
for the validation.
> Implementing this
> 'cracker-proof' is very hard (if not impossible).
Sure, but it could be a lot more robust than allowing a flag byte to disable
validation.
> The problem is that an application in fact can't trust while loading a sn
> assembly, that it is the expected.
Expected by whom? Probably not by folks who've read the documentation on
the framework's use of strong names for assembly validation.
> As I wrote in my first statement: strong names aren't a method for making
> your code secure and the are not intended to do this.
Nope, but they are expected to help protect users from manipulation or
substitution of highly trusted assemblies.
> The intention was to make sure, that only well-known, 'trusted' assemblies
> can load each other.
The documentation would suggest that the main goal was to provide a
mechanism to prevent execution of assemblies modified by anyone other than
their legitimate author.
> From my point of view that's not longer true :(
Do we have any evidence that it was ever true, or has the switch byte been
active in all shipped versions of the .NET Framework?
>
> regards
> Frank
>
>
- Previous message: Anna via DotNetMonster.com: "Re: Unknown failure in RSACyptoServiceProvider.Decrypt() on Win98"
- Maybe in reply to: jc: "Signed assemblies easily cracked?"
- Next in thread: Valery Pryamikov: "Re: Signed assemblies easily cracked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
