http://windowsconnected.com/blogs/aubrey/archive/2008/12/30/md5-pki-compromised.aspx
http://www.win.tue.nl/hashclash/rogue-ca/
Ok, excuse the sensationalist title, but this probably has fairly far-reaching consequences. Expect phishing scams to become a darn sight more elaborate in the future (and seeing how easy it is to fool someone into putting details into fakebank.com this is very worrying).
Anyone think this is likely to become a real threat or just stay in the realms of computer security experts?
-
No, it won't become a common threat for a few reasons (ok the reasons are simplified - but still, it's more "Stop being so stupid people" rather than anything else)
1) It takes a specially crafted certificate request, and a suitable response.
2) It takes a lot of computing power to get the fake request suitably built.
3) It requires the CA to issue certificates using MD5 checksums, Verisign were already phasing this out anyway. Hopefully my cert provider will finally do the same thing.
4) CRLs can easily disable the certs if they are discovered - and because of the specialist crafting that will be easy to check if requests are archived.
(Oh and it's not just SSL; it's X509 - so code signing certs ... they would be vulnerable too)
Of course others may think differently
-
The title of this thread is lame.
blowdart said:
> No, it won't become a common threat for a few reasons (ok the reasons are simplified - but still, it's more "Stop being so stupid people" rather than anything else)
> 1) It takes a specially crafted certificate request, and a suitable response.
> 2) It takes a lot of computing power to get the fake request suitably built.
> 3) It requires the CA to issue certificates using MD5 checksums, Verisign were already phasing this out anyway. Hopefully my cert provider will finally do the same thing.
> 4) CRLs can easily disable the certs if they are discovered - and because of the specialist crafting that will be easy to check if requests are archived.
> (Oh and it's not just SSL; it's X509 - so code signing certs ... they would be vulnerable too)
> Of course others may think differently
The number of hoops they jumped through in order to get one forged CA was nothing short of heroic. The technique they employed is very easily countered on a number of points (MD5 only being one of them) while others include using non-sequential serial numbers and salting.
Action does need to be taken by CAs, Browser/OS vendors and the Certificate generation software. Namely the first two need to work to make sure MD5 is banned while the third needs to work on strengthening the certificates themselves so even a weak hashing algorithm won't be broken.
-
SSL isn't necessarily the flaw, more the PKI - as the article explains.
ManipUni said:
> The title of this thread is lame.
> blowdart said: *snip*
> The number of hoops they jumped through in order to get one forged CA was nothing short of heroic. The technique they employed is very easily countered on a number of points (MD5 only being one of them) while others include using non-sequential serial numbers and salting.
> Action does need to be taken by CAs, Browser/OS vendors and the Certificate generation software. Namely the first two need to work to make sure MD5 is banned while the third needs to work on strengthening the certificates themselves so even a weak hashing algorithm won't be broken.
-
It doesn't matter that a huge amount of computation is needed to generate the CA certificate - you think criminal organisations don't have huge botnets at their disposal? And anyhow - once the CA certificate has been issued it'll show the happy green bar with a lock certifying the criminal organisations' credit-card stealing website as your local bank - and when they send out a couple of million spam emails telling them they need to change their mortgage/creditcard/whatever details and point out that the website is definitely BOA/HBOS/whatever then a couple of thousand compromised accounts is a whole truck-load of identity-fraud and bank-theft.
ManipUni said:
> The title of this thread is lame.
> blowdart said: *snip*
> The number of hoops they jumped through in order to get one forged CA was nothing short of heroic. The technique they employed is very easily countered on a number of points (MD5 only being one of them) while others include using non-sequential serial numbers and salting.
> Action does need to be taken by CAs, Browser/OS vendors and the Certificate generation software. Namely the first two need to work to make sure MD5 is banned while the third needs to work on strengthening the certificates themselves so even a weak hashing algorithm won't be broken.
Slightly more interesting, of course, is the fact that embassy-embassy traffic relies on SSL encryption to keep the Russians/French/Cubans/Americans out, and so there will be a lot of nervous agencies working on upgrading their TAs.