Has a digitally signed file ever been cracked

Does anyone know if the algorithm used for creating a digitally signed file has been circumvented (broken/cracked) ? I'm asking only to find out just how how secure is this algorithm. Can someone rely on this digital signature check to ensure the file has not been tampered with ?

All replies welcome

Victor

 

I am sure there are folks more knowledgeable than myself on the subject but from what I have seen a cracked file can appear to have a digital signature but always click on the details button to see if it is valid. If it is not you know you have a potential problem. If it is good I have yet personally to experience a problem. When in doubt see if you can find checksums for the original file.

 

Thank you for your reply. I understand the part of checking to see if the file is authentic by Right Click File -> Select Properties->Choose Digital Signatures -> Then choose Details. I was hoping to learn whether its possible for someone to modify a file by say embedding a trojan or some other kind of malware inside the file but the file still passes the digital signature check ? I don't believe this possible but that is only my opinion.

Thanks again for the reply.

Victor

 

I don't believe it is possible either, but I have been shown other things I did not think possible. If the file is tampered with I would believe with 99% certainty that is would make the signature fail to validate. If you get a matching checksum as well as a valid signature I would trust the file as genuine.

 

I don't know, I guess it would be easier for people with malicious intent to sign the modified file themselves with a stolen digital signature than to crack the existing one.

 

You can't embed a file into a signed file and have it still work by definition.

But if you were able to crack the encryption behind the signature you could. That has not happened to my knowledge and it is not very likely - though maybe one day.

 

Apparently it's possible to embed data inside a digitally signed file without invalidating its certificate, but that data can't execute.

-http://reboot.pro/15889/

 

Want My Autograph? The Use and Abuse of Digital Signatures by Malware

How secure is a digital signature?

 

what about stuxnet rootkit? it was signed with a realtek certificate, right? i don`t think the cretor/s of stuxnet sent the rootkit to the signer and then just use it...

 

You can hack a company's servers and take their cert or you can hack the encryption. Injecting code and getting it to execute from a signed file should not be possible - maybe with another separate file as well.

 

Thank you for the reply. That is what I believe and AFAIK I don't believe the SHA-1 algorithm has been cracked even though there is plans for a SHA-3 algorithm. See here http://en.wikipedia.org/wiki/SHA-1

 

This would be the more easy way to do it. I'd be much more worried about encountering a file signed with a stolen certificate than a cracked already signed file.

 

Or, you could make a legitimate and digitally signed application launch the malware. Just like the recent event with Adobe Flash Player reported by McAfee.

https://www.wilderssecurity.com/showthread.php?&t=313426

Considering that so many people download from unofficial sources, how difficult would it be?

 

To end the pipe dreams

The Code Signing Process by COMODO: (used for simplicity)
http://www.instantssl.com/code-signing/code-signing-process.html


HKEY1952

 

Playing With Authenticode and MD5 Collisions

It's signed, therefore it's clean, right?