Tuesday, December 30, 2008

CAs need to move on from MD5

As I'm sure the Internet news will be full of the story for the next week or two, I'll keep this post brief.

In today's session at the 25th Chaos Communication Congress (25C3), Alexander Sotirov and Jacob Appelbaum presented their much anticipated topic "Making the Theoretical Possible" - which covered the exploitation of MD5 weaknesses to allow them to create fake (counterfeit) certificates for use in SSL transactions.

Apparently the joint work required the use of some 200 PS3 systems to do the number crunching.

There's a good article on ZDNet at the moment, "SSL broken! Hackers create rogue CA certificate using MD5 collisions", that covers the talk and its findings. Granted, it's a bit sensationalist, but the presentation has been yanking a few chains for a week now - and there had been a lot of speculation about the nature of the threat (the content had been redacted before today).

The nuts and bolts of this, though, are that signing Certificate Authorities should have dropped the use of MD5 by now, and should have been using stronger hashing functions - such as SHA-2.
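As an added illustration (not part of the original post, and not the researchers' code), here is a defender-side check in Python that reads the outer signatureAlgorithm of a DER-encoded X.509 certificate and names the hash the CA signed with, so issued certificates or a trust store can be audited for MD5 signatures. The OID table is assumed from RFC 3279/RFC 4055 rather than taken from the post, and the small DER encoder plus the skeletal certificates at the end are constructed test data only.

```python
SIG_OID_HASH = {                        # AlgorithmIdentifier OIDs (RFC 3279 / RFC 4055)
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption: a CA should no longer issue these
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption (SHA-2 family)
}

def der_tlv(data, pos):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(value):
    """DER OBJECT IDENTIFIER content bytes -> dotted-decimal string."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                 # base-128 arcs; high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Hash named by the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, cert, _ = der_tlv(cert_der, 0)   # Certificate ::= SEQUENCE {tbsCertificate, sigAlg, sig}
    _, _, pos = der_tlv(cert, 0)        # skip tbsCertificate entirely
    _, sig_alg, _ = der_tlv(cert, pos)  # AlgorithmIdentifier ::= SEQUENCE {OID, parameters}
    tag, oid, _ = der_tlv(sig_alg, 0)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    dotted = decode_oid(oid)
    return SIG_OID_HASH.get(dotted, "unknown:" + dotted)   # "md5" means: reissue this cert

# Constructed test data only (not real certificates): a tiny DER encoder and a skeletal
# Certificate whose tbsCertificate is an empty SEQUENCE, enough to exercise the check.
def der(tag, content):
    return bytes([tag, len(content)]) + content   # short-form length suffices here

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append((arc & 0x7F) | 0x80)
        out += bytes(reversed(chunk))
    return bytes(out)

def skeletal_cert(sig_oid):
    alg = der(0x30, der(0x06, encode_oid(sig_oid)) + der(0x05, b""))
    return der(0x30, der(0x30, b"") + alg + der(0x03, b"\x00" + b"\xaa" * 4))

MD5_CERT, SHA256_CERT = skeletal_cert("1.2.840.113549.1.1.4"), skeletal_cert("1.2.840.113549.1.1.11")
```

On a real certificate, pass the DER bytes (base64-decode the PEM body first); the tbsCertificate is skipped as a whole, so its size and long-form lengths are handled.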

It's also another reminder of why the current work on finding a successor to SHA-2 is important and, while it'll take a couple of years to be "approved", the SHA-3 algorithm will be a mandatory evolution in the face of increasing CPU power.

One last note - about the use of the 200 PS3 systems. A couple of the news stories I've read seem to imply that this was quite a feat, but outside of the capabilities (investment?) of the bad guys. Well, they're wrong. The bad guys have access to the same equipment and, more importantly, the money and incentive to pursue this type of activity. Oh, and they needn't be restricted to PS3 systems - they could invest in a cheaper (and more scalable) solution using the various FPGA solutions out there already - such as the ones used earlier this year at Blackhat Europe for cracking A5/1 GSM (see my earlier blog on the topic - "The Cost of Networking @ Blackhat").

Update 12/30 -- A full paper on their research is now available online... http://www.win.tue.nl/hashclash/rogue-ca/
