An embryo for a brilliant man-in-the-middle attack?

Most of us know that MD5 is at risk and that it has been proven vulnerable to birthday attacks.
But what you might not know is that a team has managed to create a fully valid, forged CA certificate using the MD5 weakness. Both Internet Explorer and Firefox accept this certificate. The team presents how they managed to create the forged certificate (using PS3s!!), and also provides some advice for the internet community; I hope Bill and the Firefox team listen to this 🙂 . The team presented this at the Chaos Computer Club congress.
There are several CAs still today signing certificate requests using MD5 as the hashing algorithm, and as long as these certificates are accepted by your customer's browser, your business is at risk.
Next time your customer is using a Wi-Fi network, or his DNS has been attacked, your customer may have tuned his computer to the wrong TV channel, so to speak, and be under a man-in-the-middle attack. Dan Kaminsky has an interesting slide deck explaining the complexity and vulnerabilities of computer networks and DNS attacks.
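A check a site owner can run over their own chain, as an added example that is not part of the original post: a stdlib-only Python walker that reads each certificate's outer signatureAlgorithm OID from DER and flags md5WithRSAEncryption. The blobs produced by fake_cert are constructed placeholders (empty tbsCertificate, dummy signature), not real certificates; in practice pass the DER of each certificate in the served chain.

```python
# Added example (not the original post's code): walk the outer DER of an X.509
# certificate to Certificate.signatureAlgorithm and flag weak hashes. Stdlib only.
SIG_ALGS = {  # PKCS #1 arc 1.2.840.113549.1.1.x
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "weak"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
}
def der_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(raw):
    """Decode OID contents octets (base-128 arcs) into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Return the dotted OID from Certificate.signatureAlgorithm (2nd element)."""
    tag, start, _ = der_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _, tbs_end = der_tlv(cert_der, start)        # skip tbsCertificate
    tag, alg_start, _ = der_tlv(cert_der, tbs_end)  # signatureAlgorithm SEQUENCE
    assert tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE"
    tag, oid_start, oid_end = der_tlv(cert_der, alg_start)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    return decode_oid(cert_der[oid_start:oid_end])

def audit_chain(chain_der):
    """For each DER cert, return (algorithm name or raw OID, verdict)."""
    oids = [signature_algorithm(d) for d in chain_der]
    return [SIG_ALGS.get(o, (o, "unknown")) for o in oids]

def _der(tag, content):                     # short-form length only (sample data)
    return bytes([tag, len(content)]) + content
def fake_cert(oid_bytes):
    """Constructed certificate-shaped DER: empty tbsCertificate, dummy signature."""
    alg = _der(0x30, _der(0x06, oid_bytes) + _der(0x05, b""))
    return _der(0x30, _der(0x30, b"") + alg + _der(0x03, b"\x00" * 5))
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
```

audit_chain applies the rule to every element of the path, not only the leaf, since the forged certificate in the attack described above sits below an MD5-signing CA.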

While most of us are trying to enforce SHA-2 as the baseline standard in the world, the cryptographic community is now running the SHA-3 competition, so hopefully this will push the browser manufacturers to support SHA-3 and at the same time slowly phase out MD5.

As always, security is not a product, it's a process, and it is never stronger than its weakest link.


~ by petergullberg on December 30, 2008.

2 Responses to “An embryo for a brilliant man-in-the-middle attack?”

  1. Hello Peter,
    I agree with your analysis: the CA should stop issuing certificates that use MD5 and browsers should reject certificates whose certificate path contains broken hash functions like MD5.

    However, the CAs could do even more: revoke all previously issued MD5-certificates and provide those customers with new certificates (for free). All previously issued MD5-certificates could still be misused in a similar way. Even though the current attack you refer to requires an MD5 collision to be found *before* a certificate is requested from the CA.

  2. Hi Mark,

    Thanks for sharing your opinion, and I agree (as well). After this was posted, there has been activity from several CAs, and I assume we will see even more…

