
I want to make sure that the dynamic link libraries used by my application can't be replaced with other libraries of the same name, in order to inject malicious code. Therefore, I thought about creating a fingerprint of the DLLs before releasing new application versions.

The application would then validate the fingerprint before the DLL is loaded. Would this provide good protection in the above scenario?

Regarding the hash function: I'm not sure whether to use MD5 or one of the SHA algorithms. I know MD5 isn't safe against collision attacks, but it is safe against preimage attacks.

Against which attacks should I protect the libraries (using fingerprints)?

Steven Volckaert
WMEZ

1 Answer


It all boils down to how compromised your system is. If an attacker is only able to put/replace your DLLs with malicious ones, some sort of digital signature will probably help to filter out untrusted DLLs.

If the attacker controls the system enough to replace not only the DLLs but also your executable, he can modify the code which verifies the signature, defeating your protection.

As for .NET assembly strong names: a strong name is not for security and must not be considered as a protection. It can only help to ensure that the assembly was issued by a specific vendor and not modified since then. An assembly can be modified and re-signed at any point with a different private key (of course, the vendor will change in this case). But the assembly will remain valid and signed.

As for the hashing algorithm: it is probably fine to use SHA256; it is used by Microsoft when computing the hash for the digital signature of assemblies.

Alexander
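The fingerprint check from the question, as an added example that is not part of the original question or answer: it verifies a SHA-256 recorded at release time and loads the assembly from the same bytes that were hashed, so the file cannot be swapped between the check and the load. It assumes managed assemblies on .NET 5 or later; `PinnedLoader`, `ReadVerified`, `LoadVerified` and `Plugin.dll` are hypothetical names, and the sample bytes are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Cryptography;

static class PinnedLoader
{
    // Returns the file's bytes only if their SHA-256 matches the pinned value.
    // 'pinned' maps file name -> hex digest recorded at release time (hypothetical manifest).
    public static byte[] ReadVerified(string path, IReadOnlyDictionary<string, string> pinned)
    {
        string name = Path.GetFileName(path);
        if (!pinned.TryGetValue(name, out var hex))
            throw new SecurityException($"{name} is not in the release manifest");

        byte[] image = File.ReadAllBytes(path);      // read the file exactly once
        byte[] actual = SHA256.HashData(image);
        byte[] expected = Convert.FromHexString(hex);
        if (!CryptographicOperations.FixedTimeEquals(actual, expected))
            throw new SecurityException($"{name} does not match its pinned SHA-256");
        return image;
    }

    // Load from the verified buffer, not from the path, so the file cannot be
    // swapped between the hash check and the load.
    public static Assembly LoadVerified(string path, IReadOnlyDictionary<string, string> pinned)
        => Assembly.Load(ReadVerified(path, pinned));

    static void Main()
    {
        // Constructed sample: stand-in bytes, not a real assembly, so only ReadVerified is exercised.
        string path = Path.Combine(Path.GetTempPath(), "Plugin.dll");
        byte[] shipped = { 0x4D, 0x5A, 0x90, 0x00 };
        var pinned = new Dictionary<string, string>
        {
            ["Plugin.dll"] = Convert.ToHexString(SHA256.HashData(shipped)),
        };

        File.WriteAllBytes(path, shipped);
        Console.WriteLine($"verified {ReadVerified(path, pinned).Length} bytes");

        File.WriteAllBytes(path, new byte[] { 0x4D, 0x5A, 0x90, 0x01 });   // simulated replacement
        try { ReadVerified(path, pinned); }
        catch (SecurityException e) { Console.WriteLine($"rejected: {e.Message}"); }
        finally { File.Delete(path); }
    }
}
```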