SSL MD5 – Busted Wide Open With 200 PS3s
So you’re surfing on the internet. And you think that your secure connection really is secure, because your web browser tells you so. It is Secure Sockets Layer (SSL), with a certificate signed by a trusted authority and a shiny padlock icon in your browser to show that you’re safe.
But are you?
Apparently, not.
On Tuesday, December 30 (the week after Christmas!), at the 25th Chaos Communication Congress (25C3) in Berlin, whose motto was “Nothing to hide”, it was demonstrated that, as was already widely known, the MD5 algorithm still used by some sorry old souls to sign SSL certificates is sorely in need of punting to oblivion.
Or to put it another way, researchers from Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, Eindhoven University of Technology (TU/e) in the Netherlands and independent researchers in the United States used a cluster of 200 PlayStation 3 consoles running Linux to compute an MD5 “collision”: two different certificates, an ordinary-looking website certificate and a rogue certificate authority (CA) certificate, that hash to exactly the same MD5 value. Because a CA signs only the hash of a certificate, a signature on one of the pair is equally valid on the other. They then bought (legally) the harmless website certificate from a commercial CA that still signed with MD5, and voilà, the CA’s signature now also validates their rogue CA certificate, which lets them issue certificates that impersonate any number of bank, store and other secure websites with what your web browser will tell you is a legitimate secure connection. Or at least they could, if they hadn’t intentionally set their rogue certificate to expire in 2004 so that the proof-of-concept attack works without presenting any danger to anyone in itself.
The solution? Simple. Toss out MD5 completely. Web browsers can certainly be built to reject certificates signed with MD5. SSL, or actually now Transport Layer Security (TLS) in the latest versions, certainly doesn’t need MD5 as a signature algorithm anymore. It’s only been kept there for backward compatibility, having long since been replaced by SHA-2.
But to do that, you have to accept that some old hangers-on whose certificates are still signed with MD5 will lose their “secure” connections until they get new certificates. A risk that, as has just been proven with 200 PS3s (and how cool is that?), is worth taking in my opinion, so that the next time you click on some URL, the “secure” website you visit really is a secure website and not some MD5-forged phishing website that your browser says is secure … but really isn’t.
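The point of the attack is that a CA signs the hash of a certificate, not the certificate itself, so two documents with the same MD5 digest share one valid signature. The following script, added here as an illustration and not code from the original post or from the researchers, shows that transfer property with a toy RSA “CA”. The two colliding 128-byte messages are the widely published two-block MD5 collision pair from Wang et al.; they are copied, not generated here, and they stand in for the “harmless” and “rogue” certificates. The RSA key is built from two Mersenne primes purely to avoid key generation, uses no padding, and is not secure; real CAs use PKCS#1 v1.5, which wraps the digest deterministically, so the same transfer applies. The researchers’ real attack needed a chosen-prefix collision (each message starts with attacker-chosen certificate fields) and a correct guess of the serial number and validity period the CA would fill in; neither is shown here.

```python
import hashlib

# Widely published two-block MD5 collision pair (Wang et al., 2004).
# The two 128-byte messages differ in six bytes yet share one MD5 digest.
# They stand in for "harmless certificate" (A) and "rogue certificate" (B).
COLLISION_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
COLLISION_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Toy "CA" key (assumption for the example): two Mersenne primes, so no key
# generation is needed. Textbook RSA with no padding; insecure, demo only.
# The modulus is about 648 bits, larger than any digest used below.
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest_int(data: bytes, algo: str) -> int:
    """Hash `data` with `algo` (e.g. "md5", "sha256") and return it as an integer."""
    return int.from_bytes(hashlib.new(algo, data).digest(), "big")


def same_digest(a: bytes, b: bytes, algo: str) -> bool:
    """True when two different messages collide under the given hash."""
    return a != b and hashlib.new(algo, a).digest() == hashlib.new(algo, b).digest()


def ca_sign(data: bytes, algo: str) -> int:
    """What a CA does: hash the to-be-signed certificate, then RSA-sign the hash."""
    return pow(digest_int(data, algo), D, N)


def verify(data: bytes, sig: int, algo: str) -> bool:
    """What a browser does: recover the signed hash and compare with its own hash."""
    return pow(sig, E, N) == digest_int(data, algo)


def signature_transfers(signed: bytes, other: bytes, algo: str) -> bool:
    """Have the CA sign `signed`, then ask whether `other` verifies under that
    signature. With MD5 and a colliding pair this is True: the CA never saw
    `other`, yet its signature is valid on it."""
    sig = ca_sign(signed, algo)
    return verify(other, sig, algo)


if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        print(f"{algo}: collision={same_digest(COLLISION_A, COLLISION_B, algo)}, "
              f"signature on A verifies B={signature_transfers(COLLISION_A, COLLISION_B, algo)}")
```

With MD5 the signature the toy CA put on message A verifies message B; with SHA-256 the same two messages have different digests and the signature does not transfer. To find out whether a real certificate is affected, `openssl x509 -in cert.pem -noout -text` prints its Signature Algorithm; `md5WithRSAEncryption` is the value to get rid of.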

SugarSweet:
I believe you are mistaken on what is actually broken. This is not about the use of MD5 for the symmetric encryption used in the first part of the SSL handshake. This is about using MD5 to sign (hash) a certificate. A certificate signed with MD5 can still be used in an SSL handshake using a more secure crypto function, such as SHA-2.
There currently isn’t an easy way to disable acceptance of a certificate signed with MD5 in a browser. You can disable the support of MD5 in the SSL handshake, but this does not address the issue.
December 30, 2008, 5:45 pm

SugarSweet:
Correction: MD5/SHA-2/hash-function is used to verify that what the client thinks it sent/received is the same as what the server sent/received (a MAC of the handshake).
December 30, 2008, 5:53 pm

Arah:
I think you’re a tad mistaken yourself. My point is MD5 is flawed. We’ve known it for years and we just need to get rid of it. Period. That’s all I’m really saying. (That and how cool it was to use a cluster of PS3s running Linux.) Sorry if it didn’t come through clearly enough.
And thanks for visiting and giving your input.
December 31, 2008, 6:02 pm