Carlos E. R. wrote:
On Friday, 2009-01-02 at 10:15 -0000, G T Smith wrote:
Hmmm... reading the article a little closer. This was only possible from one certificate supplier with two key bits of knowledge about that supplier's certificates, a fixed certificate signing response time, a sequential serial number and took two days to perform with $20K worth of computing power... Not quite in the same league as the WEP hack ....
But the "bad guys" can have that kind of manpower and money, if there is money to be earned. Just look at the amount of phishing attempts every day...
Phishing largely depends on the naivety of the end user, like any other con. So it is a different line of attack, and there is no security against stupidity. IIRC most phishing attacks make use of other people's machines' resources :-)
Certificates normally have an expiry date, so this kind of attack would normally only be useful if the hack can be reasonably achieved within the time frame of the expiry cycle. The generation process time has probably been significantly reduced because two factors are known and predictable; the real question is what the generation process time is if these are not known (or to put it more accurately, the probability of successfully generating a forged certificate before it expires, if these factors are not known). The weakness of the approach is that it can also be nullified very simply (and according to this report already has).
In this case I would focus on the question of the use of sequential serial numbers and a static response time... a little randomness in these could make the problem more difficult (but not impossible)...
That is very true.
I wonder if they checked other authorities and how many they found vulnerable.
They said 97% of the certificates which used the method came from one source, and they targeted this source. As a result CAs issued by this source are to be flagged as dodgy. They say nothing about the other 3% also using the method, so to what extent this is a flaw in MD5-signed certificates or a flaw in how the source deploys those certificates is a moot point. I would only be really worried if I was using a certificate from this source to protect something of value on the basis of this report; it really says little about the security (or lack of it) for MD5 certificates in general. Not something I would be inclined to press the panic button for, but I would not discount it either...
-- Cheers, Carlos E. R.
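The two predictability factors named in the thread (sequential serial numbers and a fixed signing response time), together with the MD5 signature algorithm, can be checked for in a CA's issuance history. The following is an added example, not part of the original messages: the records are constructed, and the step and jitter thresholds are assumptions chosen for illustration.

```python
import secrets
from statistics import pstdev

# Constructed issuance records, not real CA data:
# (certificate serial, seconds between signing request and notBefore)
SEQUENTIAL_CA = [(643001, 6), (643002, 6), (643003, 6), (643004, 6), (643005, 6)]
HARDENED_CA = [
    (0x5F3A9C1E7B2D4408, 41),
    (0x1C88E0A3D94F6B71, 312),
    (0xA7D2014BE63C9F15, 127),
    (0x3E6F58C2017AD9B4, 508),
]

MAX_STEP = 16      # assumption: small positive increments count as "sequential"
MIN_JITTER = 1.0   # assumption: under 1 s standard deviation counts as "fixed"


def random_serial(bits=64):
    """Serial drawn from the OS CSPRNG instead of a counter."""
    return secrets.randbits(bits)


def audit(records, sig_alg):
    """Return which predictability factors from the thread apply to a CA."""
    serials = [serial for serial, _ in records]
    delays = [delay for _, delay in records]
    steps = [b - a for a, b in zip(serials, serials[1:])]
    findings = []
    if sig_alg.lower().startswith("md5"):
        findings.append("md5-signature")
    # Next serial is guessable if every step is a small positive increment.
    if steps and all(0 < step <= MAX_STEP for step in steps):
        findings.append("sequential-serial")
    # Validity start is guessable if the signing delay barely varies.
    if len(delays) > 1 and pstdev(delays) < MIN_JITTER:
        findings.append("fixed-signing-delay")
    return findings


if __name__ == "__main__":
    print("sequential CA:", audit(SEQUENTIAL_CA, "md5WithRSAEncryption"))
    print("hardened CA:  ", audit(HARDENED_CA, "sha256WithRSAEncryption"))
    print("example random serial:", hex(random_serial()))
```
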