MD5 Is Officially Insecure: Hackers Break SSL Certificates

Moderator: BarsMonster

protter
Posts: 20
Joined: Tue Dec 23, 2008 10:03 pm

MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by protter » Sun Jan 11, 2009 10:14 pm

Ever wanted to be an Intermediate Certificate Authority?

Speaking at the 25th annual Chaos Communication Conference (25C3) early last week, security researchers demonstrated the first known application of a years-old theoretical attack against the MD5 hashing algorithm used by companies like Verisign and Thawte to issue SSL certificates.

SSL certificates use hash codes generated by a variety of algorithms, including MD5, to verify their issuer’s identity. The hash code is an important feature of public-key cryptography, which SSL is based upon, as it is essential to protecting the secret, private code that CAs use to sign SSL certificates.

By exploiting a weakness specific to hashes generated with the MD5 algorithm – namely, that they are prone to “collisions”, or multiple inputs producing the same output – an attacker could derive a working private key from a single, regular SSL certificate, and then use that key to sign future SSL certificates with the original CA’s signature.

Security experts have known about the possibility for MD5 collisions since at least 2004. Until now, however, the vulnerability was dismissed as a theoretical possibility due to the amount of CPU time needed to attack a single hash for collisions. The 25C3 presenters claim they were able to run the attack in only four weekends, using a network of 200 PlayStation 3 game consoles at a cost of $657.

For about $2,000, said the presenters, an attacker could pull off a similar attack using Amazon’s cloud-computing EC2 service, and the attack would take about a day.

A successful attack would allow attackers to appoint themselves as an Intermediate Certificate Authority, and then generate trusted certificates without having to contact a real CA. The spoofed certificates could then be used to add the appearance of legitimacy to a phishing site designed to steal bank account passwords, for example.

While many CAs have moved on to the more secure SHA-1 or SHA-2 algorithms, a handful of issuers have not. Of the brands still using MD5, the researchers found approximately 97% of those certificates to be signed by Verisign-owned low-cost CA RapidSSL. Other companies using MD5 include FreeSSL, Thawte, and Verisign.co.jp.

Verisign announced that it will replace RapidSSL customers’ certificates free of charge.

“This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites,” said security researcher Alexander Sotirov, who worked with others from the U.S., the Netherlands, and Switzerland.

Sotirov’s website includes a detailed explanation of the attack, as well as samples of a real certificate and the rogue signing certificate derived from it.

Extended-Validation SSL certificates are immune to the attack due to the fact that they are forbidden from using MD5.

Microsoft reportedly downplayed the threat, noting that the researchers withheld important information that renders the attack “not repeatable”.

A blog post from Verisign’s Tim Callahan says his company applauds the team’s research, noting that their work was so secret that not even Verisign had access to the information before the 25C3 presentation.

Customers holding an MD5-signed SSL certificate will need to contact their CA to acquire and install a new certificate on their servers.

http://www.dailytech.com/MD5+Is+Officia ... e13842.htm

VeriSign Transitions All New RapidSSL Certificates to SHA-1 Algorithm in Response to Newly-Published Security Threat
Company Confirms Newly-Discovered MD5 Exploit Ineffective on All Previously Issued RapidSSL and All End Entity Certificates; Offers Free Re-Issuance of RapidSSL on SHA-1 Algorithm to Customers Wishing to Upgrade

https://press.verisign.com/easyir/custo ... =custom_97

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Sun Jan 11, 2009 11:22 pm


BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Sun Jan 11, 2009 11:36 pm

Read it briefly, here is what it looks like:

It is not a specific target hash collision.

Simply, it works like this:
They create a certificate for a legitimate site, sign it, and pay $ for that.
Then they create another certificate with the same MD5, hiding the "random bits" used to make the MD5 hash equal in the public key section of the certificate.
That's it.

brunolap
Posts: 11
Joined: Fri Jan 09, 2009 7:51 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by brunolap » Mon Jan 12, 2009 12:22 am

there is a great podcast called security now at http://www.grc.com/securitynow.htm that talked about this issue on episode 177.
they are going to cover it in more detail on the next episode (179). that's gonna be next week, on thursday.

the hosts are leo laporte and steve gibson. steve is a security expert and he does a great job explaining in detail some topics really difficult to understand, like this one.

the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by the_drag0n » Mon Jan 12, 2009 6:04 am

you could simply watch the 25c3 live stream where it was presented first. :)

Spaztikdude
Posts: 16
Joined: Thu Oct 16, 2008 1:27 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by Spaztikdude » Mon Jan 12, 2009 9:31 am

Lol, you should read the paper though.

They had to *guess* the serial number of the certs they bought to do it.

I think they spent over $1000 of cert buying to do it. :P

the_drag0n
Posts: 217
Joined: Thu Oct 02, 2008 6:48 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by the_drag0n » Mon Jan 12, 2009 2:02 pm

no they did not. because they were able to return some :)

brunolap
Posts: 11
Joined: Fri Jan 09, 2009 7:51 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by brunolap » Mon Jan 12, 2009 4:57 pm

the cool thing that i heard was that they used a cluster of PS3!!..haha
and it took a week to crack the hash

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Mon Jan 12, 2009 5:31 pm

brunolap wrote: the cool thing that i heard was that they used a cluster of PS3!!..haha
and it took a week to crack the hash

This is not hash cracking as we understand it :-)
This is about creating 2 byte sequences with some constraints having the same, but not predefined, hash.

And having a grid of GTXs or 4870s might do the task 5 times faster :-)

brunolap
Posts: 11
Joined: Fri Jan 09, 2009 7:51 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by brunolap » Mon Jan 12, 2009 6:06 pm

i thought it was a collision...wasn't it?
as i understood, they managed to somehow create a valid certificate by signing it with a md5 hash of a valid certification authority. and it was possible because of the md5 weakness. am i wrong??

faster than a cluster of playstation 3??...i don't know.
the ps3 is considered by many the most powerful personal computer..
they must have used all kinds of possible accelerations

Rolf
Posts: 122
Joined: Fri Dec 26, 2008 10:48 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by Rolf » Mon Jan 12, 2009 7:08 pm

Michail is right. Cell's performance is ~123,6 GFLOPS. GTX 295 has 1788,5 GFLOPS performance.
Cell processor is good, faster than current quad core ones. I am totally sure that when an 8-core processor is available, it will be faster than Cell.

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Mon Jan 12, 2009 7:11 pm

brunolap wrote: i thought it was a collision...wasn't it?
as i understood, they managed to somehow create a valid certificate by signing it with a md5 hash of a valid certification authority. and it was possible because of the md5 weakness. am i wrong??

faster than a cluster of playstation 3??...i don't know.
the ps3 is considered by many the most powerful personal computer..
they must have used all kinds of possible accelerations

The known MD5 weakness is that it is possible to generate 2 sequences of bytes which produce the same MD5 hash. Different techniques have more or fewer limitations on the byte stream.
The first known code was producing just plain random sequences of bytes with the same context in about 1 second.
These guys managed to add some limitations, so that the generated bytestream is a valid certificate.

PS3 is just peak 150 GFLOP, while GPUs have exceeded 1000GFLOP.
The only question is how much local memory is needed for a task, as Cell has much more local memory.

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by Sc00bz » Tue Jan 13, 2009 12:06 am

BarsMonster wrote: The only question is how much local memory is needed for a task, as Cell has much more local memory.

You got that backwards, a PS3 only has 256 MiB vs 512 MiB to 1 GiB. Unless you're talking about cache, in which case it is like what, 256 kiB/core (PS3) vs 64 kiB/multiprocessor (Nvidia). I'm pretty sure that's right.

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Tue Jan 13, 2009 12:15 am

Sc00bz wrote:
BarsMonster wrote: The only question is how much local memory is needed for a task, as Cell has much more local memory.
You got that backwards, a PS3 only has 256 MiB vs 512 MiB to 1 GiB. Unless you're talking about cache, in which case it is like what, 256 kiB/core (PS3) vs 64 kiB/multiprocessor (Nvidia). I'm pretty sure that's right.

Yes, I am talking about that "cache". 64kib of registers are shared between all threads on MP, so it is definitely not much. Also, 64kb of shared memory is also shared between all threads (if each thread is going to do its own thing) so it's just a few kbs of memory per thread vs 256kb.

Sc00bz
Posts: 136
Joined: Fri Oct 03, 2008 8:28 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by Sc00bz » Tue Jan 13, 2009 11:22 pm

Ohh right there's always the problem with divergent code paths between threads on a MP.

synthesis
Posts: 13
Joined: Mon Oct 20, 2008 10:30 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by synthesis » Wed Jan 14, 2009 5:22 pm

Did you guys try some code on ps3? I read many articles but i really don't understand if it is worth buying it or not...

Here http://www.security-assessment.com/file ... 0.1.tar.gz you can find the code they used to test md5 cracking on cell processor. I also found a blog and the admin says he saw the fantastic number of 31 billion md5 / sec (impossible I think), "changing a few settings in the compiler to avoid branching as much as possible".

Reference here: http://yopen.net/?p=13

P.S. I'm a total noob at CPU algorithms, so I ask you what you think about it and what is the real capability of the ps3 cell processor... It could be a nice low-cost cracking station!

Thanks :D

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Wed Jan 14, 2009 6:19 pm

This 31bil/sec should be a mistake.
Even at 200GFLOPs PS3 should do around ~400MHash/sec max (and that is very optimistic).

4870 is cheaper and way faster :-D

synthesis
Posts: 13
Joined: Mon Oct 20, 2008 10:30 am

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by synthesis » Wed Jan 14, 2009 8:04 pm

And what about PS3 GPU? It does 1800 GFLOPS :D
Can it be used? Sorry again for my zero-knowledge :roll:

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Wed Jan 14, 2009 8:35 pm

synthesis wrote: And what about PS3 GPU? It does 1800 GFLOPS :D
Can it be used? Sorry again for my zero-knowledge :roll:

Nope, it is an analogue of GeForce 7800, therefore no GPGPU on it. (except old-school shader computations which suck)

brunolap
Posts: 11
Joined: Fri Jan 09, 2009 7:51 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by brunolap » Thu Jan 15, 2009 12:51 am

is it impossible even using a cluster of ps3?

BarsMonster
Site Admin
Posts: 1118
Joined: Wed Oct 01, 2008 7:58 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by BarsMonster » Thu Jan 15, 2009 1:43 am

brunolap wrote: is it impossible even using a cluster of ps3?

Impossible what?

brunolap
Posts: 11
Joined: Fri Jan 09, 2009 7:51 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by brunolap » Fri Jan 16, 2009 6:45 pm

is it impossible to get 31bil/sec even with a cluster of PS3?
i heard that was about 200 PS3s

DarkPrince
Posts: 148
Joined: Wed Oct 15, 2008 5:50 pm

Re: MD5 Is Officially Insecure: Hackers Break SSL Certificates

Post by DarkPrince » Fri Jan 16, 2009 6:55 pm

brunolap wrote: is it impossible to get 31bil/sec even with a cluster of PS3?
i heard that was about 200 PS3s

that's 155,000,000 hashes/sec for each ps3
that's possible.
