If I use the hash [tex]x \mapsto c ^ x \mod m[/tex] for some [tex]c[/tex] and [tex]m[/tex], then this hash uses the same tough problem as Diffie-Hellman (ie. logarithms are hard in finite fields). If you can break my suggested method, then you can break it if it used Diffie-Hellman. Hashes don’t need to be less secure than asymmetric cryptography. (Oh, note that this isn’t a great hash for collisions are trivially found, thanks to Euler.)

Even more general: create a keypair. Forget the private key. Use the encryption with the private key as a hash function. (With some trivial reduction afterwards)

Anyways, if you break hashes, you also break certificate based security systems .

If your C&C servers are compromised, then all your zombies are orphaned. They’re quite productive to reclaim. Infected orphaned zombies with my scheme constitute as easy-exploitable pc’s if you have the secret .

Of course the whole discussion is moot, as it is way more productive for the zombie creator (zombie master? All zombies gain swampwalk and regenrate) to just get more zombies. Orphaned zombies aren’t that much of a concern. If your c&c servers get shut down, is a sign of bigger problems. I would focus on getting more exploits out there.

A MITM attack isn’t that bad. As long as the man in the middle isn’t close to the hosts side, you will only lose a few zombies. Anyways, zombie’s are already vulnerable in the first place.

A hash collision wouldn’t help you in this case. And besides that, there are still unbroken hashes.

(The cell processor is extremely powerfull in crunching numbers for general purposes. But ok, 200 PS 3 are still less than 10,000 machines)

I don’t think that allowing zombies to forward other zombies is a good idea. Lose control of one of your zombies, and you lose them all. (the stolen zombie could easily use a man in the middle attack to hijack your zombies).

Also, if fellow black hat hackers also have a large zombie network, it would not be impossible for them to brute force a collision of your hash. The recent MD5 collision attack on ssl certs only requires 200 playstation 3’s. The average botnet has around 10.000 machines.