Hackers completely break SSL using 200 PS3s



Now isn't this interesting :)

http://hackaday.com/2008/12/30/25c3-hacker...using-200-ps3s/

=================================

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; each unique file has a unique hash. In 2004, a team of Chinese researchers demonstrated creating two different files that had the same MD5 hash. In 2007, another team showed theoretical attacks that took advantage of these collisions. The team focused on SSL certificates signed with MD5 for their exploit.

The first step was doing some broad scans to see what certificate authorities (CA) were issuing MD5 signed certs. They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL.

Having selected their target, the team needed to generate their rogue certificate to transfer the signature to. They employed the processing power of 200 Playstation 3s to get the job done. For this task, it's the equivalent of 8000 standard CPU cores or $20K of Amazon EC2 time. The task takes ~1-2 days to calculate. The tricky part was knowing the content of the certificate that would be issued by RapidSSL. They needed to predict two variables: the serial number and the timestamp. RapidSSL's serial numbers were all sequential. From testing, they knew that RapidSSL would always sign six seconds after the order was acknowledged. Knowing these two facts they were able to generate a certificate in advance and then purchase the exact certificate they wanted. They'd purchase certificates to advance the serial number and then buy on the exact time they calculated.

The cert was issued to their particular domain, but since they controlled the content, they changed the flags to make themselves an intermediate certificate authority. That gave them authority to issue any certificate they wanted. All of these "valid" certs were signed using SHA-1.

If you set your clock back to before August 2004, you can try out their live demo site. This time is just a security measure for the example and this would work identically with a certificate that hasn't expired. There's a project site and a much more detailed writeup than this.

To fix this vulnerability, all CAs are now using SHA-1 for signing and Microsoft and Firefox will be blacklisting the team's rogue CA in their browser products.

=============================================

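An added example, not part of the original post or the quoted Hackaday article: a defender's version of the survey step described above, reading the outer signatureAlgorithm OID from DER-encoded certificates and flagging md5WithRSAEncryption. The two sample "certificates" are constructed skeletons (empty tbsCertificate, dummy signature) and their labels are made up.

```python
# Added example: flag certificates whose outer signature algorithm uses MD5.
MD5_RSA = "1.2.840.113549.1.1.4"
NAMES = {MD5_RSA: "md5WithRSAEncryption",
         "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
         "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode DER OID content bytes into dotted-decimal form."""
    top = min(body[0] // 40, 2)
    arcs, value = [top, body[0] - 40 * top], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(cert):
    """OID from Certificate.signatureAlgorithm (the field after tbsCertificate)."""
    outer, start, _ = read_tlv(cert, 0)
    _, _, tbs_end = read_tlv(cert, start)              # skip tbsCertificate
    alg, alg_start, _ = read_tlv(cert, tbs_end)        # AlgorithmIdentifier
    oid, oid_start, oid_end = read_tlv(cert, alg_start)
    if (outer, alg, oid) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(cert[oid_start:oid_end])

def audit(certs):
    """Map label -> (algorithm name, True if the certificate is MD5-signed)."""
    return {label: (NAMES.get(oid, oid), oid == MD5_RSA)
            for label, oid in ((k, signature_oid(v)) for k, v in certs.items())}

def skeleton(last):  # constructed sample: empty tbsCertificate, dummy signature
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last])
    return tlv(0x30, tlv(0x30, b"") + tlv(0x30, tlv(0x06, oid) + b"\x05\x00") + tlv(0x03, b"\x00"))

SAMPLES = {"legacy-leaf": skeleton(0x04), "modern-leaf": skeleton(0x0B)}
```

The check covers only the outer signatureAlgorithm field; real input must be DER bytes, so PEM files need their base64 body decoded first.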

  mohan_168 said:
^ This issue can't be addressed or fixed. This is a limitation in MD5 itself.

I rarely see any corporate firm use MD5 for hashing purposes. SHA-1 is the way forward.

MD5 would just remain for theoretical knowledge in the books.

There's lots of different hash functions, like Whirlpool

  Mystic said:
What a waste of money.

How is it a waste?

This is something most people won't be able to do. They are kind of peeking into the future of computer technologies and saying "yep, this algorithm has a flaw in it".

Best to find out now than later on when everyone else is capable of doing it. This is like the big push away from MD5 in terms of security.

  DDStriker said:
How is it a waste?

This is something most people won't be able to do. They are kind of peeking into the future of computer technologies and saying "yep, this algorithm has a flaw in it".

Best to find out now than later on when everyone else is capable of doing it. This is like the big push away from MD5 in terms of security.

I just figured there was a better way to spend $80,000...

I know they were able to do it quicker this way, but either it was save time (do it on a smaller scale) or spend $80,000....

Interesting feat, regardless of what the hackers use to do their thing.

It's just funny when it's consoles, as people still have a bit of the "console war" kicking about inside of them when they reply :laugh:

I couldn't care less if 8,000,000 mobile phones are used :p

If a more secure product comes from this, great, if nothing comes from it at least whoever headed the project carried it through till the end.

MD5 pff... using the technology my company developed not even a million PS3 could break it. :shifty:

This reminded me of the Steven Wright joke: Everywhere is within walking distance if you have the time.

There's an analogy to be made with this situation but I'm too lazy right now to do it. :$

  Audioboxer said:
If a more secure product comes from this, great, if nothing comes from it at least whoever headed the project carried it through till the end.

Agree, it's a good thing that people do these kinds of experiments. It will show what technology needs improvement when better hardware is developed.

  Audioboxer said:
Interesting feat, regardless of what the hackers use to do their thing.

It's just funny when it's consoles, as people still have a bit of the "console war" kicking about inside of them when they reply :laugh:

I couldn't care less if 8,000,000 mobile phones are used :p

If a more secure product comes from this, great, if nothing comes from it at least whoever headed the project carried it through till the end.

Exactly. You know you have a Sony fanboy when the title of an article such as this tries to make it all about the PS3.

Uhhh, not the point...

  _dandy_ said:
Exactly. You know you have a Sony fanboy when the title of an article such as this tries to make it all about the PS3.

Uhhh, not the point...

And you know when the topic officially derails when posters start flinging "fanboy" comments around. :rolleyes:

This topic is now closed to further replies.