[Owasp-delhi] SSL Broken..

Pranav Joshi pranav.joshi at kriss.in
Fri Jan 9 03:04:32 EST 2009


Hi Gunwant,

> FYI, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> or SHA-1 are broken, this vulnerability still can't be readily used to
> exploit the certificate genuinity until 'Now'

Absolutely, I completely agree with your point that SHA-1 is susceptible
to collisions.

The only difference between them is that colliding SHA-1 is still a
mathematical probability of 2^63 computational cycles; so far nobody has
been able to show a working collision for SHA-1.

> IMHO I am sure this will be exploited with a solid rationale in the near
> future.

Absolutely. It's just a matter of biding time till someone figures out a
way. IMHO, PS3s (Cell-based systems) and GPUs are doing a remarkably
praiseworthy job of shrinking the computational timeline.

Having said that, the point I wanted to make regarding MD5 specifically
was that PoCs and tools for attacking MD5 have been available for close to
3 years and these attacks have been a part of the GHTQ curriculum, but nothing
was as serious as this for MD5 until 'Now'... the metaphorical "final nail in
the coffin".

The best bet as of now is to rely on multiple hashing algorithms for
critical systems, so even if one collision is generated the other hashes would
fail to match.

NOTE: I can't recollect the names of those tools mentioned here, but if
someone is interested in knowing them let me know; I'd be glad to look them
up again.

Warm Regards,
Pranav Joshi
Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
Email: pranav.joshi at kriss.in
Phone: +91-9958967766

> Hi,
>
> Thanks for sharing the information. Just wanted to add some more to this.
>
> As you said:
> "Since MD5 is also used in signing certificates, the browsers will have no
> way of telling the difference between a genuine and a rogue website unless
> other hashing algorithms like SHA-1 are also used."
>
> FYI, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> or SHA-1 are broken, this vulnerability still can't be readily used to
> exploit the certificate genuinity until 'Now'. Having said that, I did not
> mean that it can't be exploited at all, thereby further exposing insecurity
> on the internet. What I am saying is until some more research is done on how
> to exploit this in relevance to the certificates, we can unwind and count on
> at least the certificates for now.
>
> Some guys have come up with a PoC for the same, however not at a very
> reasonable level.
> Maybe you want to have a look at these:
>
> http://www.cryptography.com/cnews/hash.html
> http://www.securityfocus.com/columnists/488
>
> IMHO I am sure this will be exploited with a solid rationale in the near
> future.
>
> Thanks,
> -Gunwant Singh
>
> On Fri, Jan 2, 2009 at 1:46 PM, Pranav Joshi <pranav.joshi at kriss.in> wrote:
>
>> Hello Everyone.
>> It's been quite a while since security issues with the MD5 algorithm started
>> cropping up regarding reproducible hash collisions (a.k.a. Birthday
>> Attack); this one ups the ante by driving the final nail in its coffin.
>> Since MD5 is also used in signing certificates, the browsers will have no
>> way of telling the difference between a genuine and a rogue website unless
>> other hashing algorithms like SHA-1 are also used.
>> http://blogs.computerworld.com/md5_ca_hack_and_the_ps3
>> Warm Regards,
>> Pranav Joshi
>> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
>> Email: pranav.joshi at kriss.in
>> Phone: +91-9958967766
>> _______________________________________________
>> Owasp-delhi mailing list
>> Owasp-delhi at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
> --
> Gunwant Singh
>
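Pranav's suggestion above of checking more than one hash, as an added example that is not code from the thread or from OWASP Delhi: a verifier that accepts an artifact only when every digest in a manifest matches and the manifest does not rest on MD5 alone, shown next to the single-MD5 check the thread warns about. A real MD5 collision cannot be embedded here, so the collision is simulated by constructing a manifest whose MD5 entry is that of the forged bytes; all function names and sample data are assumptions.

```python
import hashlib

# Algorithms with published collision attacks. A match on one of these alone
# proves nothing, since two different inputs can be made to share the digest.
COLLISION_PRONE = {"md5"}

def digests(data: bytes, algorithms) -> dict:
    """Hash the same bytes with every named algorithm (hashlib names)."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}

def verify_md5_only(data: bytes, expected_md5: str) -> bool:
    """The weak check the thread warns about: a single MD5 comparison."""
    return hashlib.md5(data).hexdigest() == expected_md5

def verify(data: bytes, manifest: dict) -> tuple:
    """Return (ok, reason). Data is accepted only if every digest listed in
    the manifest matches and at least one algorithm is not collision-prone."""
    if not manifest:
        return False, "empty manifest"
    if set(manifest) <= COLLISION_PRONE:
        return False, "manifest relies only on collision-prone algorithms"
    actual = digests(data, manifest)
    bad = sorted(name for name in manifest if actual[name] != manifest[name])
    if bad:
        return False, "digest mismatch: " + ", ".join(bad)
    return True, "all digests match"

# Constructed sample input: a genuine artifact and its multi-algorithm manifest.
GENUINE = b"constructed sample: genuine artifact, version 1\n"
MANIFEST = digests(GENUINE, ["md5", "sha1", "sha256"])

# Constructed forgery with a simulated MD5 collision (hypothetical): the
# manifest's MD5 entry is replaced by the forged bytes' MD5, which is exactly
# what a verifier would observe if the attacker had produced a real collision.
# The SHA-1 and SHA-256 entries are untouched and so still belong to GENUINE.
FORGED = b"constructed sample: forged artifact\n"
SIMULATED_COLLISION_MANIFEST = dict(MANIFEST, md5=hashlib.md5(FORGED).hexdigest())

if __name__ == "__main__":
    print("genuine, full manifest :", verify(GENUINE, MANIFEST))
    print("forged, md5 only       :", verify_md5_only(FORGED, SIMULATED_COLLISION_MANIFEST["md5"]))
    print("forged, full manifest  :", verify(FORGED, SIMULATED_COLLISION_MANIFEST))
    print("forged, md5-only policy:", verify(FORGED, {"md5": SIMULATED_COLLISION_MANIFEST["md5"]}))
```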