SSL Certs Busted

European security researchers have demonstrated a weakness in a hash algorithm widely used for creating digital certificates to secure Web sites and sign e-mails.

The weakness, in the MD5 hash algorithm, can be used to obtain a fraudulent X.509 Certification Authority certificate, which in turn lets an attacker forge certificates for any secure Web site, that is, any site that uses the HTTPS protocol to prove its identity to browsers. Any other service that relies on X.509 certificates, such as digitally signed e-mail, could be vulnerable as well.

"MD5 hashes have been shown to be weak for a while now, and this is just yet another attack using these known weaknesses," wrote Johannes Ullrich of the SANS Internet Storm Center, in an advisory. "The attack is still not easy, but very much possible and not just 'theoretical.'"

The researchers created a rogue certificate that appears to have been issued by a trusted Certificate Authority (CA), one of the organizations that issue certificates within a Public Key Infrastructure (PKI). Using a cluster of about 200 Sony PlayStation 3 consoles, the team computed a certificate of their own whose MD5 hash is identical to that of a legitimate certificate issued by the CA, so the CA's signature on the legitimate certificate is equally valid for the rogue one. The computation took about two days.

"Our work shows that known weaknesses in the MD5 hash function can be exploited in a realistic attack," the researchers wrote in a paper explaining their work. "[D]ue to the fact that even after years of warnings about the lack of security of MD5, some root CAs are still using this broken hash function … The vulnerability we expose is not in the SSL protocol or the web servers and browsers that implement it, but in the Public Key Infrastructure."

A hash function takes an input of any length and outputs a fixed-size string, the hash value. For a cryptographic hash function it should be infeasible to find two different inputs that produce the same hash value (a collision); that property is what allows a CA to sign the hash of a certificate rather than the certificate itself. MD5, which produces a 128-bit hash value, no longer has this property: in 2004, researchers published pairs of distinct inputs with identical MD5 hashes. The new work goes further, constructing colliding inputs that each begin with a prefix of the attacker's choosing (a so-called chosen-prefix collision), which gives enough control over the content for both inputs to pass as certificates and turns a known weakness into a practical attack on the PKI.
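The collision property described above, as an added example that is not part of the original article or the researchers' work: the two 128-byte inputs below are the published colliding pair from the 2004 result, reproduced from the public example. The script shows that they differ in six bytes yet share one MD5 digest, that appending any identical data to both preserves the collision (the property the certificate attack builds on, since the rest of the certificate after the colliding blocks is identical in both), and that SHA-1 and SHA-256 still tell them apart. `COMMON_SUFFIX` is an arbitrary constructed string standing in for trailing certificate fields.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004), reproduced from the public
# example. Each message is exactly two 64-byte MD5 blocks; they differ in six
# bytes but compress to the same internal state, hence the same digest.
COLLIDING_MESSAGE_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
COLLIDING_MESSAGE_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for "the rest of the certificate": any bytes appended
# identically to both messages keep the MD5 collision intact.
COMMON_SUFFIX = b"-- identical trailing certificate fields (constructed) --"


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which two equal-length inputs differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def digests(data: bytes) -> dict:
    """Hex digests of one input under MD5 and two alternatives without known collisions."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def collision_report(a: bytes = COLLIDING_MESSAGE_A,
                     b: bytes = COLLIDING_MESSAGE_B,
                     suffix: bytes = b"") -> dict:
    """Compare a+suffix against b+suffix under each hash.

    MD5 processes its input block by block (Merkle-Damgard construction), so two
    inputs that already collide after whole blocks keep colliding when the same
    suffix is appended to both: the internal state is identical from that point on.
    """
    da, db = digests(a + suffix), digests(b + suffix)
    return {
        "inputs_identical": a == b,
        "differing_offsets": differing_offsets(a, b),
        "md5_equal": da["md5"] == db["md5"],
        "sha1_equal": da["sha1"] == db["sha1"],
        "sha256_equal": da["sha256"] == db["sha256"],
        "md5": da["md5"],
    }


if __name__ == "__main__":
    for label, suffix in (("bare collision blocks", b""), ("with common suffix", COMMON_SUFFIX)):
        r = collision_report(suffix=suffix)
        print(f"{label}: differ at {r['differing_offsets']}, "
              f"MD5 equal={r['md5_equal']}, SHA-1 equal={r['sha1_equal']}, "
              f"SHA-256 equal={r['sha256_equal']}")
```

The suffix trick only works because both messages end on a block boundary; that is why attacks of this kind place the colliding blocks inside a certificate field and then keep the remainder of the two certificates byte-for-byte identical.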

Although the National Institute of Standards and Technology has advised moving from MD5 to SHA-1 and the newer SHA-2 family, many commercial CAs still use MD5. The researchers reported that RSA and VeriSign were still signing some of their certificates with MD5.

Only certificates signed using MD5 could be affected. Certificates signed with SHA-1, SHA-256, SHA-384 or SHA-512 are not affected by this attack, although SHA-1 has published theoretical weaknesses of its own and the SHA-2 family (SHA-256 and up) is the recommended replacement. The signature algorithm field of a certificate records which hash its issuer used.

Microsoft has advised its customers to stop using any certificates signed with the MD5 hash algorithm.
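To tell whether a given certificate is exposed, a practitioner reads its signatureAlgorithm field. As an added example that is not from the article, the researchers or any CA, the script below walks the outer DER structure of an X.509 certificate just far enough to read that field's object identifier and flags md5WithRSAEncryption. The certificate it checks is a constructed stand-in built by the `der`, `encode_oid` and `fake_certificate` helpers (placeholder tbsCertificate and signature bytes, not a valid certificate) so that the script runs offline; pass the DER bytes of a real certificate to `signature_algorithm` to check one, or use `openssl x509 -noout -text` for the same information.

```python
# Signature-algorithm OIDs of the RSA PKCS#1 family (dotted form -> name).
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}
MD5_WITH_RSA = "1.2.840.113549.1.1.4"

SEQUENCE, OID, NULL, INTEGER, BIT_STRING = 0x30, 0x06, 0x05, 0x02, 0x03


def read_tlv(buf: bytes, off: int):
    """Decode one DER tag-length-value at off; return (tag, value, next_offset)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                        # long form: 0x8N followed by N length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def decode_oid(value: bytes) -> str:
    """Turn OID content octets into dotted notation."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for byte in value[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:                  # last 7-bit group of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der: bytes):
    """Return (dotted OID, name) taken from Certificate.signatureAlgorithm."""
    tag, cert, _ = read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    if tag != SEQUENCE:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, off = read_tlv(cert, 0)         # tbsCertificate: skipped, not needed here
    tag, alg_id, _ = read_tlv(cert, off)     # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != OID:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    dotted = decode_oid(oid)
    return dotted, SIGNATURE_OIDS.get(dotted, "unknown")


def is_md5_signed(cert_der: bytes) -> bool:
    return signature_algorithm(cert_der)[0] == MD5_WITH_RSA


# --- constructed sample input (placeholder, not a real certificate) --------

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER element, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content


def encode_oid(dotted: str) -> bytes:
    """Inverse of decode_oid, wrapped as a complete DER OID element."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        groups = []                          # 7-bit groups, least significant first
        while True:
            groups.append(arc & 0x7F)
            arc >>= 7
            if arc == 0:
                break
        groups.reverse()
        out.extend(g | 0x80 for g in groups[:-1])
        out.append(groups[-1])
    return der(OID, bytes(out))


def fake_certificate(sig_oid: str) -> bytes:
    """Minimal Certificate-shaped blob whose only realistic part is signatureAlgorithm.
    tbsCertificate and the signature are placeholders (constructed test input)."""
    tbs = der(SEQUENCE, der(INTEGER, b"\x02"))
    alg = der(SEQUENCE, encode_oid(sig_oid) + der(NULL, b""))
    sig = der(BIT_STRING, b"\x00" + bytes(128))   # 1024 zero bits: exercises long-form lengths
    return der(SEQUENCE, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        cert = fake_certificate(oid)
        print(signature_algorithm(cert), "MD5-signed:", is_md5_signed(cert))
```

A real audit would also walk the rest of the chain, since an end-entity certificate signed with SHA-1 is no safer if its issuing CA certificate was itself signed with MD5.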

In the paper, the researchers sketch a scenario in which attackers set up a phony secure Web site, presenting a certificate issued by their rogue CA, and redirect users to it from the real site. To end users the site may look identical to the real one. When the users' browsers perform their automatic certificate check, the forged certificate chains to a trusted root, so the browser accepts the phony site as genuine and shows no warning, leaving users to conduct sensitive communications or business transactions with the attackers.

In response to the paper, VeriSign product marketing executive Tim Callan noted that VeriSign had already been phasing out MD5-based certificates, and that the work did not jeopardize any certificates now in place.

"No end entity certificates are affected by this attack. The attack, when it worked, was a potential method for a criminal to create a new, false certificate from scratch. Existing certificates are not targets for this attack," he wrote.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).
