Hackers completely break SSL using 200 PS3s

[kyro]

now isnt this interesting :)

http://hackaday.com/2008/12/30/25c3-hacker...using-200-ps3s/

=================================

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; each unique file has a unique hash. In 2004, a team of Chinese researchers demonstrated creating two different files that had the same MD5 hash. In 2007, another team showed theoretical attacks that took advantage of these collisions. The team focused on SSL certificates signed with MD5 for their exploit.

The first step was doing some broad scans to see what certificate authorities (CA) were issuing MD5 signed certs. They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL.

Having selected their target, the team needed to generate their rogue certificate to transfer the signature to. They employed the processing power of 200 Playstation 3s to get the job done. For this task, it?s the equivalent of 8000 standard CPU cores or $20K of Amazon EC2 time. The task takes ~1-2 days to calculate. The tricky part was knowing the content of the certificate that would be issued by RapidSSL. They needed to predict two variables: the serial number and the timestamp. RapidSSL?s serial numbers were all sequential. From testing, they knew that RapidSSL would always sign six seconds after the order was acknowledged. Knowing these two facts they were able to generate a certificate in advance and then purchase the exact certificate they wanted. They?d purchase certificates to advance the serial number and then buy on the exact time they calculated.

The cert was issued to their particular domain, but since they controlled the content, they changed the flags to make themselves an intermediate certificate authority. That gave them authority to issue any certificate they wanted. All of these ?valid? certs were signed using SHA-1.

If you set your clock back to before August 2004, you can try out their live demo site. This time is just a security measure for the example and this would work identically with a certificate that hasn?t expired. There?s a project site and a much more detailed writeup than this.

To fix this vulnerability, all CAs are now using SHA-1 for signing and Microsoft and Firefox will be blacklisting the team?s rogue CA in their browser products.

=============================================

[Ci7]

  Quote

For this task,it's the equivalent of 8000 standard CPU cores

hmmm what cores ?? Pentium 2s or Athlons :rolleyes:

seriously it is bad measurement

[The_Decryptor Veteran]

They haven't broken SSL, they've just shown MD5 to be even weaker than people thought it was.

[Ci7]

^

no wander they just swap it with SHA-1

oft

your avtar make my head goes :wacko: :blink:

[-KJ]

Very interesting read. Thanks.

[Andrew Lyle Global Moderator]

Nice read, I did a front page story about it.

I wonder if this boosted PS3's sales numbers for the week :laugh:

[qdave]

so thats what ps3's are good for :D

hopefully this issue will be fixed soon.

[kyro]

  skynetXrules said:

oft

your avtar make my head goes :wacko: :blink:

oft?

[macmax]

^ This issue cant be addressed or fixed. This is a limitation in MD5 itself.

I rarely see any corporate firm use MD5 for hashing purpose. SHA-1 is the way forward.

MD5 would just remain for theoretical knowledge in the books.

[kyro]

@mohan ya , but rapidssl is big and popular company among many hosting companies .

[aussiefloyd_fan]

so wouldnt that ba almost 100,000 us dollars for all the ps3's

[+Mystic MVC]

What a waste of money.

[The_Decryptor Veteran]

  mohan_168 said:

^ This issue cant be addressed or fixed. This is a limitation in MD5 itself.

I rarely see any corporate firm use MD5 for hashing purpose. SHA-1 is the way forward.

MD5 would just remain for theoretical knowledge in the books.

There's lots of different hash functions, like Whirlpool

[DDStriker]

  Mystic said:

What a waste of money.

how is it a waste?

this is something most people won't be able to do they are kind of peeking into the future of computer technologies and saying "yep this algorithm has a flaw in it"

best to find out now then later on when everyone else is capable of doing it this is like the big push away from md5 in terms of security

[kyro]

@DDStriker,

nah , he meant what a waste of money for getting 200 ps3, they could had easily gone for thousand xbots :D

[+Mystic MVC]

  DDStriker said:

how is it a waste?

this is something most people won't be able to do they are kind of peeking into the future of computer technologies and saying "yep this algorithm has a flaw in it"

best to find out now then later on when everyone else is capable of doing it this is like the big push away from md5 in terms of security

I just figured there was a better way to spend $80,000...

I know they were able to do it quicker this way, but either it was save time (do it on a smaller scale) or spend $80,000....

[The_Decryptor Veteran]

The idea with cracking encryption is to do it in the shortest possible time, so spending money to buy fast processors isn't really surprising.

[+Audioboxer Subscriber²]

Interesting feat, regardless of what the hackers use to do their thing.

It's just funny when it's consoles, as people still have a bit of the "console war" kicking about inside of them when they reply :laugh:

I couldn't care less if 8,000,000 mobile phones are used :p

If a more secure product comes from this, great, if nothing comes from it at least whoever headed the project carried it through till the end.

[Sethos]

Wow, that article was so encrypted for a guy like me :rofl:

Bla bla bla 2007 bla bla bla 2005 bla bla bla chinese bla bla bla Playstation 3s bla bla

[The_Decryptor Veteran]

We already have a more secure "product", this has just shown that the slow pokes who weren't using it need to get their ass in gear and update.

[D. S. Veteran]

MD5 pff... using the technology my company developed not even a million PS3 could break it. :shifty:

This reminded me of the Steven Wright joke: Everywhere is within walking distance if you have the time.

There's an analogy to be made with this situation but I'm too lazy right now to do it. :$

[Pupik]

  kyro said:

oft?

off topic.

[omgpils]

  Audioboxer said:

If a more secure product comes from this, great, if nothing comes from it at least whoever headed the project carried it through till the end.

agree, its a good thing that people do these kinds of experiments. It will show what technology needs improvement when better hardware is developed.

[_dandy_]

  Audioboxer said:

Interesting feat, regardless of what the hackers use to do their thing.

It's just funny when it's consoles, as people still have a bit of the "console war" kicking about inside of them when they reply :laugh:

I couldn't care less if 8,000,000 mobile phones are used :p

If a more secure product comes from this, great, if nothing comes from it at least whoever headed the project carried it through till the end.

Exactly. You know you have a Sony fanboy when the title of an article such as this tries to make it all about the PS3.

Uhhh, not the point...

[TDQuiksilver]

  _dandy_ said:

Exactly. You know you have a Sony fanboy when the title of an article such as this tries to make it all about the PS3.

Uhhh, not the point...

And you know when the topic officially derails when posters start flinging "fanboy" comments around. :rolleyes: