Discussion:
Are we 100% the running app code is the same as the source?
(too old to reply)
a***@tuta.io
2016-12-24 18:48:10 UTC
Permalink
Raw Message
Are we 100% certain that the officially released app code is the same as the source code we can compile on our own? Someone said the sha1/md5 has been shown to match up with the official binaries and the self-compiled source. Is this absolutely fool-proof evidence that the source is identical to Signal's official code? In what situations might it not be the same, and what is the likelihood?
Shankar Kulumani
2016-12-24 19:14:40 UTC
Permalink
Raw Message
They have provided functions to ensure reproducible builds for Android, not
sure if the same exists for iOS.

https://whispersystems.org/blog/reproducible-android/

You can look into the properties of the hash functions. It's generally not
possible to have two inputs with the same hash outputs.
Post by a***@tuta.io
Are we 100% certain that the officially released app code is the same as
the source code we can compile on our own? Someone said the sha1/md5 has
been shown to match up with the official binaries and the self-compiled
source. Is this absolutely fool-proof evidence that the source is identical
to Signal's official code? In what situations might it not be the same, and
what is the likelihood?
Javen O'Neal
2016-12-24 20:23:42 UTC
Permalink
Raw Message
Yes, although MD5 and SHA-1 both have issues with hash collisions, being
replaced by SHA-2 and SHA-3.

Being that these hash algorithms were written by a known adversary, the
NSA, one attack vector would be for an adversary to replace the binary
published on the Google Play store with a rebuilt binary with the same hash
but a vulnerability that makes it easier to break end to end encrypted
messages. Finding two simultaneous hash collisions (MD5 and SHA-1) seems
extremely difficult, though not impossible by the author of the algorithms
who may have thought of this and built in hash correlation.

A way to verify against this scenario is to compare PGP signatures of the
binary to make sure it wasn't modified in transit. This still assumes you
trust their published public PGP key and the PGP algorithm (it's the best
we've got that is commonly used).

That said, an easier attack vector is to build in a security hole into the
hardware or Android, so it's probably not worth worrying about double hash
collision.

On Dec 24, 2016 11:15, "Shankar Kulumani" <***@gmail.com> wrote:

They have provided functions to ensure reproducible builds for Android, not
sure if the same exists for iOS.

https://whispersystems.org/blog/reproducible-android/

You can look into the properties of the hash functions. It's generally not
possible to have two inputs with the same hash outputs.
Post by a***@tuta.io
Are we 100% certain that the officially released app code is the same as
the source code we can compile on our own? Someone said the sha1/md5 has
been shown to match up with the official binaries and the self-compiled
source. Is this absolutely fool-proof evidence that the source is identical
to Signal's official code? In what situations might it not be the same, and
what is the likelihood?
Christian Heinrich
2016-12-24 21:46:02 UTC
Permalink
Raw Message
Javen,
Being that these hash algorithms were written by a known adversary, the NSA,
You may want to refer to
https://www.nist.gov/director/nist-cryptographic-standards-and-guidelines-development-process
for clarification on their relationship to NIST.
--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
Javen O'Neal
2016-12-24 22:11:57 UTC
Permalink
Raw Message
I was going off of https://en.wikipedia.org/wiki/SHA-1

"designed by the [NSA] and is ... published by the United States NIST"

I believe that the NSA is capable of embedding a security
vulnerability that can go undiscovered by third party review.

On Sat, Dec 24, 2016 at 1:46 PM, Christian Heinrich
Post by Christian Heinrich
Javen,
Being that these hash algorithms were written by a known adversary, the NSA,
You may want to refer to
https://www.nist.gov/director/nist-cryptographic-standards-and-guidelines-development-process
for clarification on their relationship to NIST.
--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
Christian Heinrich
2016-12-24 23:05:59 UTC
Permalink
Raw Message
Javen,
Post by Javen O'Neal
I was going off of https://en.wikipedia.org/wiki/SHA-1
"designed by the [NSA] and is ... published by the United States NIST"
I believe that the NSA is capable of embedding a security
vulnerability that can go undiscovered by third party review.
The NSA put forth SHA-1 only became popular once MD4 and MD5 was known
to be broken.

The likelihood of this is still almost nil today as the incentive is
to be the winner is to cryptoanalysed all other parties that submitted
their cryptosystem.
--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
Shankar Kulumani
2016-12-24 23:09:22 UTC
Permalink
Raw Message
I also think there are easier methods to compromise a user than an input
collision of Sha 1.

On Sat, Dec 24, 2016, 16:06 Christian Heinrich <
Post by Christian Heinrich
Javen,
Post by Javen O'Neal
I was going off of https://en.wikipedia.org/wiki/SHA-1
"designed by the [NSA] and is ... published by the United States NIST"
I believe that the NSA is capable of embedding a security
vulnerability that can go undiscovered by third party review.
The NSA put forth SHA-1 only became popular once MD4 and MD5 was known
to be broken.
The likelihood of this is still almost nil today as the incentive is
to be the winner is to cryptoanalysed all other parties that submitted
their cryptosystem.
--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
Scott Robinson
2016-12-24 22:32:31 UTC
Permalink
Raw Message
PGP signatures rely on those same algorithms.
A way to verify against this scenario is to compare PGP signatures of the binary to make sure it wasn't modified in transit. This still assumes you trust their published public PGP key and the PGP algorithm (it's the best we've got that is commonly used).
Johan Wevers
2016-12-25 17:25:25 UTC
Permalink
Raw Message
Post by a***@tuta.io
Are we 100% certain that the officially released app code is the same as
the source code we can compile on our own? Someone said the sha1/md5 has
been shown to match up with the official binaries and the self-compiled
source. Is this absolutely fool-proof evidence that the source is
identical to Signal's official code?
Well, creating an md5 collision should be doable, creating a sha1
collision is HARD. Doing that for every release is nearly impossible.
And if you don't trust the hashes, just compare the apk's you created
against the on distributed by Whispersystems.
--
Met vriendelijke groet,

Johan Wevers
Loading...