Tuesday, December 30, 2008

25C3: MD5 Collisions and SSL Certs

At the Chaos Computer Congress currently on in Berlin, a group of researchers have described an attack that utilizes MD5 collisions to create an intermediate Certificate Authority which would permit them to act as a Man-in-the-Middle in SSL transactions. While a lot of effort went into creating a huge hype for this announcement, the short answer is that the Internet is not dead yet.

That said, this is a potentially serious attack. It permits somebody who is capable of generating an MD5 collision to effectively impersonate any SSL enabled website.

There is very little the end user or any website administrator can do. The solutions to this attack lie with the certificate providers...who must stop issuing MD5 signed certs. Verisign has announced that they are no longer issuing MD5 signed certs, others will follow quickly.

If you are an administrator of an SSL enabled web server or application you should take a look at your cert and see if it is signed with MD5 or SHA-1. If it is MD5, it would not be a bad idea to replace it with a new one signed with SHA-1. This will not prevent this particular attack; even if you have a SHA-1 signed cert someone could impersonate your site using an MD5 signed cert; but it will go a long way to putting a nail in the coffin of MD5 signed certs once and for all.

How do you tell? Connect to each of your SSL enabled sites and double click on the padlock in the bottom right corner. Click "View Certificate", click the details tab, scroll all the way down to the bottom and click on "Certificate Signature Algorithm" It should say "PKCS #1 SHA-1 With RSA Encryption" or something similar. If it says MD5 then I recommend calling your cert issuer and requesting a new one signed with SHA-1.

No comments: