-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
Use SHA-256 Digital Signature
- Thread starter Selaya
- Start date
- Joined
- May 14, 2004
- Messages
- 28,757 (3.74/day)
| Processor | Ryzen 7 5700X |
|---|---|
| Memory | 48 GB |
| Video Card(s) | RTX 4080 |
| Storage | 2x HDD RAID 1, 3x M.2 NVMe |
| Display(s) | 30" 2560x1600 + 19" 1280x1024 |
| Software | Windows 10 64-bit |
dual signatures are used on the driver files to retain xp compatibility
just signing the exe with sha256 will break the signature validation on several legacy OS configs, not sure what's to be gained here, except more complexity and making things more brittle. modding the gpuz.exe with a trojan and then magically fixing the bytes so that the sha1 signature remains valid seems like something that might happen on tv ..
just signing the exe with sha256 will break the signature validation on several legacy OS configs, not sure what's to be gained here, except more complexity and making things more brittle. modding the gpuz.exe with a trojan and then magically fixing the bytes so that the sha1 signature remains valid seems like something that might happen on tv ..
- Joined
- Jan 29, 2023
- Messages
- 1,690 (2.00/day)
- Location
- France
| System Name | KLM |
|---|---|
| Processor | 7800X3D |
| Motherboard | B-650E-E Strix |
| Cooling | Arctic Cooling III 280 |
| Memory | 16x2 Fury Renegade 6000-32 |
| Video Card(s) | 4070-ti PNY |
| Storage | 500+512+8+8+2+1+1+2+256+8+512+2 |
| Display(s) | VA 32" 4K@60 - OLED 27" 2K@240 |
| Case | 4000D Airflow |
| Audio Device(s) | Edifier 1280Ts |
| Power Supply | Shift 1000 |
| Mouse | 502 Hero |
| Keyboard | K68 |
| VR HMD | Steam Deck OLED |
| Software | EMDB |
| Benchmark Scores | 0>1000 |
A bit more explanation about different checksums and why thoses can become "obsolete" would be welcome, i know CRC32 can output duplicates, but, idk for MD5, SHA1...
- Joined
- Aug 20, 2007
- Messages
- 22,294 (3.44/day)
- Location
- Olympia, WA
| System Name | Pioneer |
|---|---|
| Processor | Ryzen 9 9950X |
| Motherboard | MSI MAG X670E Tomahawk Wifi |
| Cooling | Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans... |
| Memory | 128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK) |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5" |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64, other office machines run Windows 11 Enterprise |
Yes, SHA1 has collisions ("duplicates" is the wrong term here, technically). So does MD5. MD5 has for friggin ages actually. I think SHA1's first was in 2017.
Some reading:
Announcing the first SHA1 collision
Posted by Marc Stevens (CWI Amsterdam), Elie Bursztein (Google), Pierre Karpman (CWI Amsterdam), Ange Albertini (Google), Yarik Markov (Goog...
Md5 Collisions And The Impact On Computer Forensics
Abstract:The Message Digest 5 (MD5) hash is commonly used as for integrity verification in the forensic imaging process. The ability to…
- Joined
- Aug 4, 2020
- Messages
- 1,665 (0.95/day)
- Location
- ::1
even if it's dual-signed w/ both sha-1 and sha-256?
- Joined
- Apr 24, 2020
- Messages
- 2,875 (1.55/day)
SHA and MD5 are so called cryptographic algorithms.
It's not about 'can output duplicates' per se. It's about 'Dedicated Opponent tries to create a duplicates'.
CRC32 won't make a duplicate in the average case and is therefore widely used on trusted networks, like Ethernet packets or IP.
But if you don't trust the communications (ie: a hacker might change something behind our backs), we need a different algorithm.
MD5 has weaknesses that suggests that eventually (with a bit more math), someone could find a hash collision. Same with SHA1.
But both are far more secure than CRC32 / typical use cases. But at that point we should just use CRC32 if we didn't care about a dedicated attacker, because CRC32 is likely sufficient.
- Joined
- May 14, 2004
- Messages
- 28,757 (3.74/day)
| Processor | Ryzen 7 5700X |
|---|---|
| Memory | 48 GB |
| Video Card(s) | RTX 4080 |
| Storage | 2x HDD RAID 1, 3x M.2 NVMe |
| Display(s) | 30" 2560x1600 + 19" 1280x1024 |
| Software | Windows 10 64-bit |
Microsoft makes the rules. This is specifically about being able to load a kernel driver on a Windows machine, to get the Digital Signature populated in the EXE properties and to get it to show "TechPowerUp" when you start it after downloading
- Joined
- Jan 29, 2023
- Messages
- 1,690 (2.00/day)
- Location
- France
| System Name | KLM |
|---|---|
| Processor | 7800X3D |
| Motherboard | B-650E-E Strix |
| Cooling | Arctic Cooling III 280 |
| Memory | 16x2 Fury Renegade 6000-32 |
| Video Card(s) | 4070-ti PNY |
| Storage | 500+512+8+8+2+1+1+2+256+8+512+2 |
| Display(s) | VA 32" 4K@60 - OLED 27" 2K@240 |
| Case | 4000D Airflow |
| Audio Device(s) | Edifier 1280Ts |
| Power Supply | Shift 1000 |
| Mouse | 502 Hero |
| Keyboard | K68 |
| VR HMD | Steam Deck OLED |
| Software | EMDB |
| Benchmark Scores | 0>1000 |
Windows needs SHA1 in digit sign, but can another algorythm be added(so, asecond line) ?.. or is it forbidden/impossible.
- Joined
- May 14, 2004
- Messages
- 28,757 (3.74/day)
| Processor | Ryzen 7 5700X |
|---|---|
| Memory | 48 GB |
| Video Card(s) | RTX 4080 |
| Storage | 2x HDD RAID 1, 3x M.2 NVMe |
| Display(s) | 30" 2560x1600 + 19" 1280x1024 |
| Software | Windows 10 64-bit |
Yes, a second one can be added, but on some older OS's it can cause trouble, because they don't understand them