MD5 encryption broken, Microsoft warns

A Microsoft Security Advisory warned today that a possible attack against X.509 digital certificates signed with the MD5 hash could allow an attacker to generate their own certificate carrying information from the original. Microsoft warned that only X.509 certificates signed with MD5 could be attacked, and suggests that users upgrade to the newer SHA-1 algorithm.

Although the details were not published publicly, which would give hackers the chance to launch attacks on the vulnerability, Microsoft is keeping watch on the possible attack even though the vulnerability is not in a Microsoft product. The researchers who discovered the MD5 X.509 digital signature vulnerability did not post the cryptographic background to the attack, which cannot be reproduced without it, leaving little or no risk to users who still rely on MD5-signed X.509 certificates. Most digital certificates are no longer signed using MD5, but use the more secure SHA-1 algorithm.

MD5 is a widely used cryptographic hash function that produces a 128-bit hash value, typically written as a 32-digit hexadecimal number, which serves as a fingerprint of the input data.


26 Comments


"The researchers that discovered the MD5 X.509 digital signature vulnerability did not post the cryptographic background to the attack, which cannot be reproduced without it, leaving little or no risk to users who still use the X.509 signature."

Wrong! Once an attack is known to be possible it's only a matter of time (and not much at that really) before it's public. So if this is the real deal then at some point this year we all will have to start blacklisting MD5 keys.

Don't worry guys!! I told my grandma to update her anti-virus and keep her computer off for a couple of weeks until things are back to normal!!!

I think there's a lot of confusion here as blowdart stated. You are confusing RSA with MD5 or SHA-1. Encryption and consequently e-commerce will only be at risk if RSA was proven insecure and it was mathematically proven right while P is not equal to NP.

Most people would never encounter this on the one hand nor on the other hand be able to accomplish this.
The internet isn't 100% safe and secure. What else is new?

*facepalm*

OK putting my security hat on; MD5 is not encryption. It's a hash or checksum algorithm; to encrypt you have to be able to decrypt.

Anyway; I did lots of reading last night. Bear in mind MD5 was "cracked" a couple of years back with proof of collisions; what we have now is a practical application.

On the comment "Not unless you run a web site using the MD5 certificate encryption" - again no. The problem is in the checksum for the certificates. SSL encryption does not use MD5, as I said it's not an encryption algorithm. What it is used for is the thumbprint on the certificate which is used to decide if a certificate is valid or not. If I created a fake certificate for microsoft.com and tried to spoof it as being issued by Verisign the thumbprint which indicates validity would fail. What the researchers have done is a collision attack to fill the certificate with specially crafted information which allows the checksum to pass (this is a gross oversimplification, but it will do *grin*)

Is on-line ordering now unsafe? Not really; most certificates use SHA1 for hashing and checking these days, only Verisign and some very minor CAs have been dragging their heels. The method needs quite serious hardware to work out the collision and CRLs mean any fake certificate could be removed from the valid list once discovered.

In theory it could affect the signing key for signed software; in practice not really, for the same reasons as on-line still being safe (for now)
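The blacklisting of MD5-signed certificates that the comments above talk about comes down to reading the signature algorithm out of the certificate's DER structure and refusing md5WithRSAEncryption. This is an added example, not code from the article or any commenter; the certificate bytes it parses are constructed here and are only a truncated prefix of a real certificate (version, serial number, signature algorithm), which is all the parser needs.

```python
# DER-encoded OID content bytes -> algorithm name (PKCS#1 RSA signature OIDs)
SIG_ALGS = {
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}
REJECTED = {"md5WithRSAEncryption"}   # policy: refuse MD5-signed certificates


def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def signature_algorithm(der):
    """Name of the algorithm in tbsCertificate.signature (hash + key algorithm)."""
    tag, cert, _ = _tlv(der, 0)             # Certificate ::= SEQUENCE { tbsCertificate, ... }
    tag_tbs, tbs, _ = _tlv(cert, 0)         # tbsCertificate ::= SEQUENCE { ... }
    if tag != 0x30 or tag_tbs != 0x30:
        raise ValueError("not a DER certificate")
    pos = 0
    tag, _, nxt = _tlv(tbs, pos)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        pos = nxt
    tag, _, pos = _tlv(tbs, pos)            # serialNumber INTEGER
    if tag != 0x02:
        raise ValueError("expected serialNumber")
    _, algid, _ = _tlv(tbs, pos)            # signature AlgorithmIdentifier ::= SEQUENCE
    tag, oid, _ = _tlv(algid, 0)            # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("expected OID")
    return SIG_ALGS.get(oid, "unknown:" + oid.hex())


def should_reject(der):
    """Fail closed: reject blacklisted algorithms and anything not identified."""
    alg = signature_algorithm(der)
    return alg in REJECTED or alg.startswith("unknown:")


def _enc(tag, content):
    return bytes([tag, len(content)]) + content   # short-form length only (sample < 128 bytes)


def sample_cert(oid_hex):
    """Constructed, truncated certificate prefix: version v3, serial 42, given signature OID."""
    tbs = (_enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x2a")
           + _enc(0x30, _enc(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00"))
    return _enc(0x30, _enc(0x30, tbs))
```

On a real certificate the same walk works on the full DER, since the fields read here come first in tbsCertificate; the signatureAlgorithm field that follows tbsCertificate must carry the same OID and is worth checking as well.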

blowdart said,
*facepalm*

...snip...

Is on-line ordering now unsafe? Not really; most certificates use SHA1 for hashing and checking these days, only Verisign and some very minor CAs have been dragging their heels. The method needs quite serious hardware to work out the collision and CRLs mean any fake certificate could be removed from the valid list once discovered.

In theory it could affect the signing key for signed software; in practice not really, for the same reasons as on-line still being safe (for now)

Your post is a good summary of the situation, nice explanation!

DaveHope said,

Your post is a good summary of the situation, nice explanation!

An excellent summary, well done. Thanks for pointing out that MD5 is not encryption, many people make that mistake.

Xavien said,
MD5 hasn't been secure for years, why does Microsoft decide to tell us now?

Because it was never cracked until now. You also need to keep in mind, it is only crackable under certain conditions

Does that affect signed files (to assure files were not tampered with) that XP/Vista checks when opening a downloaded file? Could they be spoofed via the MD5 vuln.?

ChrisJ1968 said,
Wow! Good question. That can really mess up PCs. Perhaps a new virus methodology?

Very good question. I don't see any imminent attacks in the future, because the researchers are not sharing their method.

*faceplants*...Microsoft must have taken it personally to issue something that fast...much faster than the response time to critical Windows/IE bugs

Umm... MD5 is not a Microsoft product. They're just issuing a warning because they have products that use it.

ChrisJ1968 said,
so does the average joe(like me) need to do anything or is this only concerned with online businesses?

Not unless you run a web site using the MD5 certificate encryption

ChrisJ1968 said,
I see. Sounded like something I needed to update. Damn! I guess online ordering is in jeopardy..hmm

Not really, I haven't seen an MD5 X.509 certificate for some time now. All the SSL certificates I ordered have been SHA-1 for some years.