I would like to quickly summarize the SSL MD5 issue presented at the CCC congress in Berlin today. Let me start with a quick FAQ:
So what is the problem? The problem is that some certificate authorities use MD5 hases to validate certificates they issue. MD5 hashes have been shown to be weak for a while now, and this is just yet another attack using these known weaknesses. These certificate authorities have to change the way they do business (e.g. they have to use SHA1 hashes). Your browser includes a set of trusted certificate authorities. Sadly, some very popular CAs do use MD5s. Disabling these CAs is not recommended or feasible. The attack is still not easy, but very much possible and not just "theoretical". The researchers uses a cluster of 200 Playstation3 systems, and it took them a couple days. So a resonable size botnet would do it probably faster.
Once you have the fake duplicate CA, you could sign certificates at will and a browser would trust them. This can now be used for MiM (Monkey in the Middle) attacks and to impersonate trusted websites.
Basic "best pratices" still apply. This attack is not a "game changer". Most attack will probably still use bad certificates and ask the user to click "ok" to accept the bad certificate.
So short summary: It is bad, but there isn't much you can or need to do right now. Just stay vigilant and read the vendor announcements below for more details:
(we will add more as we find them)
Dec 30th 2008
|Thread locked Subscribe||
Dec 30th 2008
1 decade ago