More re the SHA-1 result:
- Around $30M (give or take a few million) should build you a machine to find a collision in a few days.
- What previously took (say) the NSA 40 years to figure out now takes about a week.
- A second preimage attack is theoretically 2106, according to a Schneier paper.
If a registered game developer conspires with the XBox linux guys, the birthday attack (269) is quite possible. Actually this raises an interesting point similar to the Nintendo vs Codemasters wrangles of the late 80s (if I’m remembering that correctly). Imagine you are a big publisher that has its own manufacturing processes and doesn’t want to rely on MS. Here’s what you do (would this work?):
- Spend around $30m to get a machine to find a collision. (Expensive, but $30m isn’t so much more than the cost of developing a big title – depends what this is worth to you).
- Write 2 XBEs – one is a game you have in dev, one is a generic loader program.
- Make it so that the SHA-1 hashes of the 2 XBEs collide. (Assumedly not too hard; use the machine, and adjust a bit of random padding on both until you get a collision.)
- Publish the game as normal through MS. They sign the game. But the crucial point is that the same signature that is now on the game will also fool a retail XBox into loading your generic loader program.
- Job done – you now have a loader program that you can use to run any game, without having to submit anything else to MS. Let the legal battles begin…
This works until they special case your key in a (forced) BIOS/kernel update. Interesting idea though, I also think that it _should_ be legal under the interoperability part of the DMCA, although who knows what's actually legal and what's illegal.
(http://livejournal.com/users/gen_witt)