Sunday, January 04, 2009

This Hash Is Stale

The MD5 algorithm has been considered cryptographically weak since around 1996. There were also known collisions in 1993 (where two different "initialization vectors" - in practice, two different X.509 certificates - result in the same hash), which shows that the MD5 algorithm had issues even back then. Another public announcement, in October 2006, described a Certificate/CA pair that collided (the pair was made in March 2005). The fact that this is only now becoming "news" is a bit of an issue. Sort of like Microsoft taking over 7 years to release a Critical patch (as they did recently - see http://hiltont.blogspot.com/2008/11/pretty-sure-this-holds-record.html).

Vlastimil Klima, on 18 March 2006, even published an algorithm (based on his previous efforts) that allowed a collision between two different X.509 certificates to be found in about a minute on a single notebook. A month later he revised the paper with new algorithms that reduced this minute to 31 seconds; on a 3.2 GHz Pentium 4 based computer, the average time is only 17 seconds. This algorithm is far from being hard to crack!

Out of interest, Firefox users have the ability, through http://www.codefromthe70s.org/sslblacklist.aspx, to see whether a certificate chain is still using MD5 and therefore possibly should not be trusted. IE users, right now, need to view the Details tab of the Certificate to see the signing and hashing algorithms used.
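A programmatic version of that check, added here as an example (it is not from the original post or from the add-on linked above): it walks the DER structure of an X.509 certificate, reads the outer signatureAlgorithm OID and flags md5WithRSAEncryption. The skeletal sample certificates are constructed in the block; the DER bytes of a real certificate can be passed to signature_algorithm() the same way.

```python
# Added example (not from the original post): report the signature algorithm of
# an X.509 certificate and flag md5WithRSAEncryption, by walking the DER
# structure directly so it needs no third-party library.
SIG_OIDS = {                      # PKCS #1 signature-algorithm OIDs (dotted form)
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: next n bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """OID content octets -> dotted notation (first byte packs two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit = continue
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Name (or dotted OID if unknown) of the certificate's outer signatureAlgorithm."""
    _, cert, _ = _tlv(der, 0)               # Certificate ::= SEQUENCE {
    _, _, pos = _tlv(cert, 0)               #   tbsCertificate (skipped),
    _, alg_id, _ = _tlv(cert, pos)          #   signatureAlgorithm, signature }
    tag, oid, _ = _tlv(alg_id, 0)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    dotted = _decode_oid(oid)
    return SIG_OIDS.get(dotted, dotted)

def is_md5_signed(der):
    return signature_algorithm(der) == "md5WithRSAEncryption"

def _der(tag, body):                        # short-form lengths suffice here
    return bytes([tag, len(body)]) + body

def sample_cert(oid_octets):
    """Constructed skeletal Certificate: empty tbsCertificate, given sig OID."""
    alg_id = _der(0x30, _der(0x06, oid_octets) + b"\x05\x00")   # OID + NULL
    return _der(0x30, _der(0x30, b"") + alg_id + _der(0x03, b"\x00" * 4))

MD5_RSA = bytes.fromhex("2a864886f70d010104")      # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11
```

For a PEM file, strip the BEGIN/END lines and base64-decode the body before calling signature_algorithm().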

Verisign, probably the (or one of the) world's largest certificate issuers, has finally, because of this recent exploit, stopped issuing MD5 certificates. That's appalling - using a known weak security algorithm in a certificate when you're a big "security" company like this.

Lax security companies concern me greatly - they sell security, but don't practice it. :(

Regards,

The Outspoken Wookie
