Tuesday, December 30, 2008

CAs need to move on from MD5

As I'm sure the Internet news will be full of the story for the next week or two, I'll keep this post brief.

In today's session at the 25th Chaos Communication Congress (25C3), Alexander Sotirov and Jacob Appelbaum presented their much anticipated talk "Making the Theoretical Possible" - which covered the exploitation of MD5 weaknesses to create fake (counterfeit) certificates that are accepted in SSL transactions.

Apparently the joint work required the use of some 200 PS3 systems to do the number crunching.

There's a good article on ZDNet at the moment, "SSL broken! Hackers create rogue CA certificate using MD5 collisions", that covers the talk and its findings. Granted, it's a bit sensationalist, but the presentation has been yanking a few chains for a week now - and there had been a lot of speculation about the nature of the threat (the content had been redacted before today).

The nuts and bolts of this, though, are that signing Certificate Authorities should have dropped the use of MD5 by now, and should have been using stronger hash functions - such as SHA-2.
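The practical check behind that point is whether any certificate in a chain you rely on (or issue) still carries an MD5-based signatureAlgorithm. The script below is an added example, not code from the original post or from the researchers: it is stdlib-only Python that walks the outer DER structure of a certificate, decodes the signatureAlgorithm OID and flags the MD2/MD5 family. The OID-to-name table is taken from RFC 3279, RFC 4055 and RFC 5758; the sample certificates it builds are constructed, structurally valid stubs (a bare serial number, a dummy signature), not real certificates, and the helper names (`audit`, `make_sample_cert`, `load_der`) are my own.

```python
"""Audit X.509 certificates for MD5-family signature algorithms (stdlib only).

Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
We skip tbsCertificate and decode the OID inside signatureAlgorithm, which is
the algorithm a relying party actually verifies the issuer's signature with.
"""
import base64

# signatureAlgorithm OIDs (RFC 3279 / RFC 4055 / RFC 5758) and their digest.
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "MD2"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "MD5"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA-1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "SHA-384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA-512"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "SHA-256"),
}
WEAK_DIGESTS = {"MD2", "MD5"}          # the family this post is about
TAG_INTEGER, TAG_BITSTRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x03, 0x05, 0x06, 0x30


def read_tlv(buf, pos):
    """Decode one DER TLV at `pos`; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def decode_oid(value):
    """Turn OID content octets into dotted notation (base-128 arcs)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def load_der(data):
    """Accept raw DER bytes or a PEM CERTIFICATE block."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(l for l in data.splitlines() if not l.startswith(b"-----"))
        return base64.b64decode(body)
    return data


def signature_algorithm_oid(der_bytes):
    """Return the dotted OID from the certificate's outer signatureAlgorithm."""
    tag, start, _ = read_tlv(der_bytes, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not a DER Certificate")
    _, _, tbs_end = read_tlv(der_bytes, start)         # skip tbsCertificate
    _, alg_start, _ = read_tlv(der_bytes, tbs_end)     # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der_bytes, alg_start)
    if tag != TAG_OID:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(der_bytes[oid_start:oid_end])


def audit(cert_bytes):
    """Name the signature algorithm and say whether it rests on an MD-family digest."""
    oid = signature_algorithm_oid(load_der(cert_bytes))
    name, digest = SIG_ALG_OIDS.get(oid, (oid, "unknown"))
    return {"oid": oid, "name": name, "digest": digest, "weak": digest in WEAK_DIGESTS}


# --- constructed sample certificates: valid DER layout, not real certs ---
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                          # high-order groups carry bit 7 set
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def make_sample_cert(sig_oid):
    """Stub Certificate: serial-only TBS, the given signature OID, zeroed signature."""
    alg = der(TAG_SEQUENCE, der(TAG_OID, encode_oid(sig_oid)) + der(TAG_NULL, b""))
    tbs = der(TAG_SEQUENCE, der(TAG_INTEGER, b"\x01") + alg)
    sig = der(TAG_BITSTRING, b"\x00" * 17)   # leading unused-bits byte + dummy bits
    return der(TAG_SEQUENCE, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(audit(make_sample_cert(oid)))
```

To run it over a real chain, pass each file's bytes to `audit()` (PEM or DER) and treat any `weak: True` on an issuing CA or intermediate as the finding; the rogue-CA result in the talk is only possible because the issuer's signature over the sub-CA certificate was computed over an MD5 digest, so it is the CA and intermediate certificates, not just leaf certificates, that need checking.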

It's also another reminder why the current work in finding a successor to SHA-2 is important and, while it'll take a couple of years to be "approved", the SHA-3 algorithm will be a mandatory evolution in the face of increasing CPU power.

One last note - about the use of the 200 PS3 systems. A couple of the news stories I've read seem to imply that this was quite a feat, but outside of the capabilities (investment?) of the bad guys. Well, they're wrong. The bad guys have access to the same equipment and, more importantly, the money and incentive to pursue this type of activity. Oh, and they needn't be restricted to PS3 systems - they could invest in a cheaper (and more scalable) solution using the various FPGA solutions out there already - such as the ones used earlier this year at Blackhat Europe for cracking A5/1 GSM (see my earlier blog on the topic - "The Cost of Networking @ Blackhat").

Update 12/30 -- A full paper on their research is now available online... http://www.win.tue.nl/hashclash/rogue-ca/

Wednesday, December 24, 2008

Merry Christmas to a New Security Blog

So, after several years of blogging and battling with various posting software permutations, I've decided to make use of blogger.com as the portal for new blogs about security.

I'll still keep posting to the other sites www.technicalinfo.net and blogs.iss.net - but this will (hopefully) become the main blog portal for those various "pearls of security wisdom" that past readers have been so fond of.

In addition, since this blog won't be an official IBM or X-Force blog, I'm planning on being a little more opinionated and judgemental - but as professional as ever - with maybe a pinch more sarcasm. It'll also allow me a bit more flexibility in the topics I cover - so expect a wider variety of discussions.

One thing I'm really hoping for though, is the ability to pull together blog content and get it online faster than ever before. If you knew how cumbersome the X-Force blogging system is, and how often the staging server breaks down, you'd soon see why so few IBMers bother blogging there.

So, with all that said, this is my Christmas present to both of us - a new blog, with a better input interface, and the prospect of more frequent and interesting blogs.

Merry Christmas.