# Wednesday, 31 December 2008
MD5-signed X.509 certificates in trouble
Wednesday, 31 December 2008 10:25:26 UTC ( Security )

Security researchers have demonstrated a successful collision attack against MD5-signed X.509 certificates. This would enable an attacker to create their own X.509 certificate with the same digital signature as the original certificate. This certificate can then be used to sign additional certificates containing whatever details the attacker pleases, all trusted by existing security infrastructures. This will work great for phishing and man-in-the-middle attacks.

This was performed using a cluster of 200 PlayStation 3s and is reproducible with a couple of days of computing.

The risks inherent in using the MD5 hash algorithm have been known for quite some time, and the recommendation is to move to the SHA family. Most certificates should therefore be signed with SHA-1 instead of MD5, but history has proven that there are always old installations and old configurations around.

The following public Certificate Authorities are still using MD5 signing:

    • RapidSSL
    • FreeSSL
    • TrustCenter
    • RSA Data Security
    • Thawte
    • verisign.co.jp

The security researchers sampled 30,000 certificates, of which 9,000 were using MD5, and 97% of those were issued by RapidSSL.

It’s time to review the algorithm used on your certificates; hopefully it is using SHA. This is easily verifiable if you look at the certificate properties. This is not a problem with EV certificates as they do not support the MD5 algorithm.

Microsoft recently issued this security advisory.
