SSL broken! Hackers create rogue CA certificate using MD5 collisions

[johngalt]

December 30th, 2008

SSL broken! Hackers create rogue CA certificate using MD5 collisions

Posted by Ryan Naraine @ 6:00 am

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers. The research, which will be presented today by Alex Sotirov (top left) and Jacob Appelbaum (bottom left) at the 25C3 conference in Germany, effectively defeats the way modern Web browsers trust secure Web sites and provides a way for attackers to conduct phishing attacks that are virtually undetectable.

The research is significant because there are at least six CAs currently using the weak MD5 cryptographic algorithm in digital signatures and certificates. The most commonly used Web browsers — including Microsoft’s Internet Explorer and Mozilla’s Firefox — whitelist these CAs, meaning that a fake Certificate Authority can display any site as secure (with the SSL padlock).
“We basically broke SSL,” Sotirov said in an interview ahead of his 25C3 presentation.

Our main result is that we are in possession of a “rogue” Certification Authority (CA) certificate. This certificate will be accepted as valid and trusted by many browsers, as it appears to be based on one of the “root CA certificates” present in the so called “trust list” of the browser. In turn, web site certificates issued by us and based on our rogue CA certificate will be validated and trusted as well. Browsers will display these web sites as “secure”, using common security indicators such as a closed padlock in the browser’s window frame, the web address starting with “https://” instead of “http://”, and displaying reassuring phrases such as “This certificate is OK ” when the user clicks on security related menu items, buttons or links.
​

Researchers at the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands helped in the design and implementation of the attack using an advanced implementation of a known MD5 collision construction and a cluster of more than 200 PlayStation 3 game consoles.


More at SSL broken! Hackers create rogue CA certificate using MD5 collisions | Zero Day | ZDNet.com

 

[NormCameron]

That's a cause for concern isn't it?. Had to happen I suppose.

Norm

 

[johngalt]

Major concern - our own dmex (aka Steven) has found that it goes a lot further than just website certificates - in fact, this affects *all* digital certificates that are based upon MD5 hashing, including Windows Authenticode stuff....

 

[bambi]

That does seem scarey. Though at the moment the information on creating this is not within reach of normal people? (aka evil leaked onto dark parts of interweb)?

-baMBi-

 

[NormCameron]

Major concern - our own dmex (aka Steven) has found that it goes a lot further than just website certificates - in fact, this affects *all* digital certificates that are based upon MD5 hashing, including Windows Authenticode stuff....

And is there anything we need to be doing? Keep us posted.

Norm

 

[johngalt]

That does seem scarey. Though at the moment the information on creating this is not within reach of normal people? (aka evil leaked onto dark parts of interweb)?

-baMBi-

It *is* within our reach because of the fact that Windows uses Authenticode to verify signatures of critical system files, and Steven's research shows that, for example, a couple of key files used by Nero Burning ROM are actually verified using expired certificates - meaning someone could come along and write a fake certificate for those files, and you would never now it - and then get all sorts of nasty stuff onto your computer because Windows would see the file as legitimate.

And is there anything we need to be doing? Keep us posted.

Norm

As soon as I hear from him it'll be posted.

 

[Joe]

Thanks for the post!

 

[echrada]

Thanks for this, very good post.

We must be greatful that people like Steven are working on a fix.

 

[Futuristic]

Fix? Probably Not...

Thanks for this, very good post.

We must be greatful that people like Steven are working on a fix.

This probably won't be so much a Fix, as a forced change.

Think MD5=WEP. When WEP was compromised, we didn't fix it, we changed to WPA/WPA2.

Same sort of thing is likely here. There are still plenty of secure hashing algorithms, but the CAs will need to change from MD5 to one of those, and reissue certs. Keep in mind, most of the CAs stopped issuing MD5 X.509 certs a while back. Most are SHA-1 these days. (NB: SHA-1 has also shown collision vulnerabilities and will be compromised in the same way as MD5 sometime in the future. SHA-2 was created because of this. It's all on ongoing battle.)

I'll leave the MS Authenticode issues for others to discuss, I assume there are more subtle problems involved with updating that.

Futuristic

 

[NormCameron]

14% of SSl Certificate unsafe

Netcraft provided more details on a critical digital certificate vulnerability revealed last week. Although Microsoft downplayed the problem by stating that the successful exploit was not published, Netcraft found that 14% of SSL certificates use the vulnerable MD5 hashing algorithm. That number may provide a large enough target for attackers to invest time into cracking MD5, while certificate authorities will have a choice of using MD5 and hope that it will not be cracked or transitioning to a stronger encryption technology such as SHA-1.
Read more at:-

TG Daily - 14% of SSL certificates on the Internet potentially unsafe

Norm

 

[johngalt]

I am surprised thathte number is that low...

 

[NormCameron]

I am surprised that the number is that low...

Oh, I am sure you are right and the numbers are much bigger. However that number in itself is pretty big, and well worth hackers exploiting the vulnerability.

Norm

 

[Bare Foot Kid]

Hello Futuristic, welcome to Se7en Forums!



















Later :shock: Ted