Oddur Magnusson

Object reference not set to an instance of a human being

Assembly Signing Trustworthyness

Robert McLaws's company Interscape (which I presume we are all familiar with ;) just released a VS.net addon, called Deadbolt.net that simplifies assembly signing. I think that addon is a great idea and probably will help people who otherwise would not sign their assemblys. But should those people be publishing signed assemblys ? Should people who are not that familiar with strong names and .net security be publishing assemblys that can by registered with the GAC ? Might that be the reason MS skipped the "sign assembly" menu item in their release ?

Verisign makes it pretty hard for people to buy their certificates, that is so you can trust the sites verisign signs. Because you know SmallTimeCrocksLookingForQuickCash.com will not get certified by VeriSign. The same I think about signed assemblys, sure everyone with sn.exe can sign and create strongly named assemblys, but doing so requires basic understanding in .net security, therefore making the signature more trustworthy.

Posted: Dec 23 2003, 01:52 PM by oddurmag | with 7 comment(s)

Comments

TrackBack said:

# December 23, 2003 3:56 AM

Robert McLaws said:

Just because an assembly is signed doesn't mean it's going to make it into the GAC. What it really means is that no one else can spoof the assemblym which is the critical part. The DeadBolt.NET User's Guide has a two-page backgrounder on Assembly Signing, which I think is a must read for everyone. I'd also read the section on Certificates in "Security for VB.NET", which talks about why VeriSign's certificates and Strong Name Keys are two totally different things.
# December 23, 2003 8:57 AM

Frans Bouma said:

"What it really means is that no one else can spoof the assemblym which is the critical part."
It takes an average hacker 15 seconds to achieve that. Hints: ILASM and ILDASM and a new key generated with sn.exe. Happy holidays, Robert :)
# December 23, 2003 9:02 AM

denny said:

"What it really means is that no one else can spoof the assemblym which is the critical part."
It takes an average hacker 15 seconds to achieve that. Hints: ILASM and ILDASM and a new key generated with sn.exe. Happy holidays, Robert :)


CRACKER not HACKER!!!

CRACKER == BlackHat Evil person

HACKER == WHiteHat Good person

I am a Hacker, I don't steal.
Sorry but I grew up with the "Old School" where Hackers are the guys who wrote the amazing and elegant code that made the system work better / faster / on less memory and so on.....

# December 23, 2003 9:12 AM

Frans Bouma said:

sorry denny, my bad, I should have used cracker, but most people use that word for a hard piece of bread. ;)
# December 23, 2003 9:24 AM

Bill said:

15 seconds to achieve what? A new file with the same file name? I can do that with notepad. The full assembly name will have a different public key token.
# December 23, 2003 2:32 PM

Christophe Lauer said:

Frans, I do not understand your technique to signed assemblies spoofing using ILDASM/ILASM. All you'll ever manage to produce by doing so is an assembly with the same name, the same classes and methods but with a different public key, so you won't be able to spoof the original one. Am I missing something?

Personaly, I often advise my ISV partners to sign their assemblies, even if they do not deploy them in the GAC. Why doing so? Signing assemblies prevents modification of their contents, like copyright strings, for instance ;-) This also protects ISVs of doing support on their products on pieces of code that would have been unassembled and reassembled (ILDASM/ILASM, or by using something like Anakrino) by some genuis white hat hacker of their customers :)
# December 30, 2003 4:07 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)