Jakub Wilk wrote:
The purpose of adding garbage could be to make a modified tarball match the signature.
Which is why we also supply the length.
I thought the idea was to create a smaller malicious tarball, then append "garbage" until the size and the hash match.
With xz you don't need trailing garbage to match the size and the hash. Xz allows you to insert as much garbage inside the file as you want. Xz is an ideal vector for malware because it is strict with the envelope but lax with the message.
I have no experience at all rigging tarballs, but it took me just minutes to obtain two xz compressed tarballs with very different contents that match in size and sum(1). I did it just with an editor, ddrescue and data from /dev/urandom, by brute force, without any knowledge about the algorithm of sum. And I did it not once, but twice.
The original tarballs are 1 and 2. 1b and 2b are the altered versions yielding the same sum as the opposite original tarball:
-rw-r--r-- 1 10292 2015-08-07 11:52 collision1.tar.xz
-rw-r--r-- 1 10292 2015-08-07 13:32 collision1b.tar.xz
-rw-r--r-- 1 10292 2015-08-07 11:53 collision2.tar.xz
-rw-r--r-- 1 10292 2015-08-07 13:04 collision2b.tar.xz
$ sum collision*.tar.xz
42870 11 collision1.tar.xz
53341 11 collision1b.tar.xz
53341 11 collision2.tar.xz
42870 11 collision2b.tar.xz
$ xz -t collision*.tar.xz ; echo $?
0
$ tar -tf collision1.tar.xz ; echo $?
configure
0
$ tar -tf collision1b.tar.xz ; echo $?
configure
0
$ tar -tf collision2.tar.xz ; echo $?
Makefile
0
$ tar -tf collision2b.tar.xz ; echo $?
Makefile
0
If a weak hash is used, or if a way of creating hash collisions is found, xz makes it easy to create altered tarballs with the same hash and size. Just try to do the same with bzip2, gzip or lzip without adding trailing garbage.
Best regards, Antonio.
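An added example, not part of the original post: it shows why a matching size plus a matching sum(1) value cannot authenticate a file, while SHA-256 over the same bytes tells the two apart. It assumes sum(1) computes the 16-bit BSD rotating checksum (the GNU coreutils default); the byte strings, the filler position and all function names are constructed for illustration and are not xz files.

```python
import hashlib
import random

def bsd_sum(data, state=0):
    """16-bit BSD checksum: rotate right one bit, then add the next byte."""
    for byte in data:
        state = (state >> 1) | ((state & 1) << 15)
        state = (state + byte) & 0xFFFF
    return state

def sum_output(data):
    """(checksum, 1 KiB blocks), the two numbers sum(1) prints."""
    return bsd_sum(data), -(-len(data) // 1024)

def match_sum(head, tail, target, filler_len=16, seed=0):
    """Try random filler between head and tail until the checksum is target."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    after_head = bsd_sum(head)
    while True:
        filler = rng.getrandbits(8 * filler_len).to_bytes(filler_len, "big")
        if bsd_sum(filler + tail, after_head) == target:
            return head + filler + tail

def build_pair():
    """Constructed sample data: plain byte strings, not real xz files."""
    tail = b"\n# end of file\n"
    original = b"echo original script" + bytes(16) + tail
    altered = match_sum(b"echo ALTERED script ", tail, bsd_sum(original))
    return original, altered

def sha256_equal(a, b):
    """The check a verifier should rely on instead of sum + size."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()

if __name__ == "__main__":
    original, altered = build_pair()
    print("size     ", len(original), len(altered))
    print("sum(1)   ", sum_output(original), sum_output(altered))
    print("sha256 eq", sha256_equal(original, altered))
```

With only 65536 possible checksum values, the search needs on the order of tens of thousands of random fillers, which matches the "minutes, by brute force" experience described in the message.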