A Microsoft Security Advisory warned today that a possible attack against MD5-signed digital certificates could allow an attacker to generate their own certificate carrying information from the original. Microsoft warned that only X.509 certificates could be attacked, and suggests that users upgrade to the newer SHA-1 algorithm.

Although the information was not published publicly, so as not to give hackers the chance to launch attacks on the vulnerability, Microsoft is keeping a watch on the possible attack, even though the vulnerability is not in a Microsoft product. The researchers who discovered the MD5 X.509 digital signature vulnerability did not post the cryptographic background to the attack, which cannot be reproduced without it, leaving little or no risk to users who still use MD5-signed X.509 certificates. Most digital certificates are no longer signed using MD5, but use the more secure SHA-1 algorithm.
MD5 is a widely used cryptographic hash function that produces a 128-bit hash value. The digest is typically written as a 32-digit hexadecimal number and serves as a fixed-length fingerprint of the input.
No, it's useless as a hack in the real world. Nothing to worry about.
Not unless you run a web site using the MD5 certificate encryption
Not really, I haven't seen an MD5 X.509 certificate for some time now. All the SSL certificates I ordered have been SHA-1 for some years.
Very good question. I don't see any imminent attacks in the future, because the researchers are not sharing their method.
Because it was never cracked until now. You also need to keep in mind, it is only crackable under certain conditions
OK putting my security hat on; MD5 is not encryption. It's a hash or checksum algorithm; to encrypt you have to be able to decrypt.
Anyway; I did lots of reading last night. Bear in mind MD5 was "cracked" a couple of years back with proof of collisions; what we have now is a practical application.
On the comment "Not unless you run a web site using the MD5 certificate encryption" - again no. The problem is in the checksum for the certificates. SSL encryption does not use MD5, as I said it's not an encryption algorithm. What it is used for is the thumbprint on the certificate which is used to decide if a certificate is valid or not. If I created a fake certificate for microsoft.com and tried to spoof it as being issued by VeriSign the thumbprint which indicates validity would fail. What the researchers have done is a collision attack to fill the certificate with specially crafted information which allows the checksum to pass (this is a gross oversimplification, but it will do *grin*)
Is on-line ordering now unsafe? Not really; most certificates use SHA1 for hashing and checking these days, only VeriSign and some very minor CAs have been dragging their heels. The method needs quite serious hardware to work out the collision and CRLs mean any fake certificate could be removed from the valid list once discovered.
In theory it could affect the signing key for signed software; in practice not really, for the same reasons as on-line still being safe (for now)
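The post above explains that the weakness is in the thumbprint, not in the encryption: a relying party compares a hash of the certificate contents, so two different contents with the same MD5 digest are indistinguishable to that check. The following added example (not code from the thread or from the researchers) makes this concrete using the two distinct 128-byte messages that Wang, Feng, Lai and Yu published in 2004 as an MD5 collision; they are public reference data, embedded here as constants. A pinned MD5 thumbprint of message A also accepts message B, while the same check under SHA-1 rejects it. The "pinned thumbprint" model is an assumption standing in for whatever a certificate validator actually compares.

```python
import hashlib

# Public MD5 collision pair (Wang et al., 2004). These are well-known reference
# bytes, not material taken from this thread or from the attack it discusses.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def fingerprint(data: bytes, algo: str) -> str:
    """Hex digest of `data` under `algo` ('md5' or 'sha1').

    This stands in for the thumbprint a relying party compares when deciding
    whether certificate contents are the ones it trusts (an assumption of the
    example, not a description of any particular validator)."""
    return hashlib.new(algo, data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def accepts(data: bytes, pinned_fp: str, algo: str) -> bool:
    """The validation check: does `data` match the thumbprint we pinned?"""
    return fingerprint(data, algo) == pinned_fp


def is_weak_thumbprint_algorithm(name: str) -> bool:
    """Defender's rule of thumb from the thread: treat MD5-based thumbprints
    and signatures as untrustworthy regardless of who issued them."""
    return "md5" in name.lower()


def demo() -> dict:
    """Pin message A under each algorithm, then present message B."""
    pinned_md5 = fingerprint(MSG_A, "md5")
    pinned_sha1 = fingerprint(MSG_A, "sha1")
    return {
        "messages_identical": MSG_A == MSG_B,
        "differing_offsets": differing_offsets(MSG_A, MSG_B),
        "md5_digests_equal": fingerprint(MSG_A, "md5") == fingerprint(MSG_B, "md5"),
        "md5_check_accepts_b": accepts(MSG_B, pinned_md5, "md5"),
        "sha1_check_accepts_b": accepts(MSG_B, pinned_sha1, "sha1"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only six bytes differ between the two messages, yet MD5 cannot tell them apart, which is exactly why a thumbprint computed with MD5 says nothing about which contents it covers. The same comparison under SHA-1 fails for message B, matching the thread's advice to treat any MD5-signed certificate as suspect and to rely on CAs that have moved to SHA-1.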
...snip...
Is on-line ordering now unsafe? Not really; most certificates use SHA1 for hashing and checking these days, only VeriSign and some very minor CAs have been dragging their heels. The method needs quite serious hardware to work out the collision and CRLs mean any fake certificate could be removed from the valid list once discovered.
In theory it could affect the signing key for signed software; in practice not really, for the same reasons as on-line still being safe (for now)
Your post was a good summary of the situation, nice explanation!
An excellent summary, well done. Thanks for pointing out that MD5 is not encryption, many people make that mistake.
:ROLLESEYES:
this has nothing to do with windows as such, but yeah, if it makes you feel better, blame microsoft
If they make a recommendation, it's pretty likely involving Windows, too. Potential issues in SHA-1 have been pointed out, ways found to cut down the necessary collisions in brute force attacks by a lot (where a lot is in the range of 10^30), and better hash algorithms have been devised and implemented in most operating systems. So why not use them?
The internet isn't 100% safe and secure. What else is new?
Wrong! Once an attack is known to be possible it's only a matter of time (and not much at that really) before it's public. So if this is the real deal then at some point this year we all will have to start blacklisting MD5 keys.