Weakness in some certificate authorities
Dec. 31st, 2008 01:14 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
Serious Internet geeks may want to take a look at this article in Ars Technica.
Summary: it's been known for a while that the MD5 hash algorithm is a bit weak. Some researchers have used this weakness to create a *really* horrible hack, allowing them to impersonate a major top-level Certificate Authority for cert-signing purposes. They're not saying exactly how the hack works, but the implication is that hackers (using this and other known techniques) could use this to more or less completely impersonate major secure sites, so that users would have no way of knowing that they're talking to a forgery. Very, very, *very* bad.
Moral of the story is that, if you're using MD5 for anything really important, it may be time to move on to better algorithms. With any luck, this will spur all the CAs to do so -- certainly, I would hope that any financial institution would be putting the thumbscrews on its CAs to do so quickly...
Summary: it's been known for a while that the MD5 hash algorithm is a bit weak. Some researchers have used this weakness to create a *really* horrible hack, allowing them to impersonate a major top-level Certificate Authority for cert-signing purposes. They're not saying exactly how the hack works, but the implication is that hackers (using this and other known techniques) could use this to more or less completely impersonate major secure sites, so that users would have no way of knowing that they're talking to a forgery. Very, very, *very* bad.
Moral of the story is that, if you're using MD5 for anything really important, it may be time to move on to better algorithms. With any luck, this will spur all the CAs to do so -- certainly, I would hope that any financial institution would be putting the thumbscrews on its CAs to do so quickly...
(no subject)
Date: 2008-12-31 06:39 pm (UTC)Basically, the next release of every browser is going to stop accepting MD5 SSL certificates. Until then, SSL certificates aren't worth very much. At least two major CAs -- Geotrust and GTE CyberTrust -- have been issuing loads of MD5 certs. They're going to go through a major re-issuance phase, or else be laughed at when they try to downplay the significance of the breach.
Depends
Date: 2009-01-01 01:29 pm (UTC)Depends on the value of what they're protecting. I doubt anybody's going to spend $80K on hardware to crack the cert on my IMAP server.
(Not that I'm using MD5, mind you. I'm self-signed, since I have a userbase of two, so I can generate whatever I want.)
(no subject)
Date: 2009-01-01 03:10 am (UTC)Thanks...that was fun!
Date: 2009-01-02 06:01 pm (UTC)-N