[Owasp-delhi] SSL Broken..

Gunwant Singh gunwant.s at gmail.com
Mon Jan 12 11:41:11 EST 2009


Pranav,

Thanks for the information. Would you mind sharing the name of the tools for
MD5 cracking? I'll be thankful.

All,

I was curious about a question on Sessions which I have wanted to ask you all
for some time now but did not get a chance to, for various reasons. I have
asked this question on some forums as well, so excuse me if you have already
heard of it.

As we all know, salted MD5 hashing rightly protects the authentication
credentials from eavesdropping on the network. SSL does the same thing. However,
in some scenarios SSL might not be feasible: for example, it may cause heavy load
on the server, or maybe some applications don't support it, etc.

Apparently we need to protect 2 crucial things in the HTTP header from a
person sniffing the network traffic: "Authentication Credentials and Session
Credentials".

We can protect the authentication credentials using salted MD5 hashing or by
using SSL. In case SSL implementation is not feasible, salted MD5 will still
protect the authentication credentials but not the Session Credentials. In
order to protect the Session credentials (Session ID, tokens, cookies, etc)
on a non-SSL channel what measures can be taken?

Thoughts?

-Gunwant



On Fri, Jan 9, 2009 at 1:34 PM, Pranav Joshi <pranav.joshi at kriss.in> wrote:

> Hi Gunwant,
>
> > Fyi, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> > or SHA-1 are broken, this vulnerability still can't be readily used to
> > exploit the certificate genuineness until 'Now'.
>
> Absolutely, I completely agree with your point that SHA-1 is susceptible
> to collisions.
>
> The only difference between them is that colliding SHA-1 is still a
> mathematical probability of 2^63 computational cycles; so far nobody has
> been able to show a working collision for SHA-1.
>
> > IMHO I am sure this will be exploited with a solid rationale in the near
> > future.
>
> Absolutely. It's just a matter of biding time till someone figures out a
> way. IMHO, PS3s (Cell-based systems) & GPUs are doing a remarkably
> praiseworthy job of shrinking the computational timeline.
>
> Having said that, the point I wanted to make regarding MD5 specifically
> was that POCs and tools for attacking MD5 have been available for close to
> 3 years and these attacks have been a part of the GHTQ curriculum, but nothing
> was as serious as this for MD5 until 'Now'... the metaphorical "final nail in
> the coffin".
>
> The best bet as of now is to rely on multiple hashing algorithms for
> critical systems; so even if one collision is generated other hashes would
> fail to match.
>
> NOTE: I can't recollect the names of those tools mentioned here, but if
> someone is interested in knowing them, let me know; I'd be glad to look
> them up again.
>
> Warm Regards,
> Pranav Joshi
> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
> Email: pranav.joshi at kriss.in
> Phone: +91-9958967766
>
> > Hi,
> >
> > Thanks for sharing the information. Just wanted to add some more to this.
> >
> > As you said:
> > "Since MD5 is also used in signing certificates the browsers will have no
> > way of telling the difference between a genuine and a rogue website unless
> > other hashing algorithms like SHA-1 are also used."
> >
> > Fyi, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> > or SHA-1 are broken, this vulnerability still can't be readily used to
> > exploit the certificate genuineness until 'Now'. Having said that, I did not
> > mean that it can't be exploited at all, thereby further exposing insecurity
> > on the internet. What I am saying is, until some more research is done on
> > how to exploit this in relevance to the certificates, we can unwind and
> > count on at least the certificates for now.
> >
> > Some guys have come up with a PoC for the same, however not at a very
> > reasonable level. Maybe you want to have a look at these:
> >
> > http://www.cryptography.com/cnews/hash.html
> > http://www.securityfocus.com/columnists/488
> >
> > IMHO I am sure this will be exploited with a solid rationale in the near
> > future.
> >
> > Thanks,
> > -Gunwant Singh
> >
> > On Fri, Jan 2, 2009 at 1:46 PM, Pranav Joshi <pranav.joshi at kriss.in> wrote:
> >
> >> Hello Everyone.
> >> It's been quite a while since security issues with the MD5 algorithm started
> >> cropping up regarding reproducible hash collisions (a.k.a. Birthday
> >> Attack); this one ups the ante by driving the final nail in its coffin.
> >> Since MD5 is also used in signing certificates the browsers will have no
> >> way of telling the difference between a genuine and a rogue website unless
> >> other hashing algorithms like SHA-1 are also used.
> >> http://blogs.computerworld.com/md5_ca_hack_and_the_ps3
> >> Warm Regards,
> >> Pranav Joshi
> >> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
> >> Email: pranav.joshi at kriss.in
> >> Phone: +91-9958967766
> >> _______________________________________________
> >> Owasp-delhi mailing list
> >> Owasp-delhi at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> >
> >
> >
> > --
> > Gunwant Singh


-- 
Gunwant Singh
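The salted-MD5 challenge-response that the question above takes for granted, as an added example that is not taken from the thread: the server issues a one-time nonce as the salt, the client returns MD5(HA1:nonce) in the HTTP Digest style, and the server rejects a reused nonce so a captured response cannot be replayed. The user store, names and demo password are constructed; the returned transcript shows the issued session id crossing the wire in the clear, which is exactly the gap the question points at.

```python
import hashlib
import hmac
import secrets

# Constructed demo store (assumption: the thread does not say what the server keeps).
# MD5(username:password) is the Digest-auth convention; it is password-equivalent.
USERS = {"alice": hashlib.md5(b"alice:correct horse battery").hexdigest()}

def client_response(username, password, nonce):
    """Client side: hash the credential with the server's one-time salt (nonce)."""
    ha1 = hashlib.md5(f"{username}:{password}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}".encode()).hexdigest()

class Server:
    def __init__(self):
        self.pending = {}   # nonce -> username; each nonce is accepted once
        self.sessions = {}  # session id -> username

    def challenge(self, username):
        """Issue a fresh random nonce, the 'salt' the client hashes with."""
        nonce = secrets.token_hex(16)
        self.pending[nonce] = username
        return nonce

    def login(self, username, nonce, response):
        """Verify MD5(HA1:nonce); the nonce is single-use, so replays fail."""
        if self.pending.pop(nonce, None) != username:
            return None
        ha1 = USERS.get(username)
        if ha1 is None:
            return None
        expected = hashlib.md5(f"{ha1}:{nonce}".encode()).hexdigest()
        if not hmac.compare_digest(expected, response):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        return sid

def run_demo():
    """Run one login plus a replay attempt; return what a passive sniffer saw."""
    server = Server()
    wire = []  # constructed transcript of everything sent in the clear
    nonce = server.challenge("alice")
    wire.append(("S->C", "nonce", nonce))
    resp = client_response("alice", "correct horse battery", nonce)
    wire.append(("C->S", "response", resp))
    sid = server.login("alice", nonce, resp)
    wire.append(("S->C", "session_id", sid))  # the token travels unprotected
    replay = server.login("alice", nonce, resp)  # replaying the captured pair fails
    return {"session_id": sid, "replay_accepted": replay is not None, "wire": wire}
```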