[Owasp-delhi] SSL Broken..

Parmendra Sharma s.parmendra at gmail.com
Thu Jan 15 03:48:00 EST 2009


Hello all,

Very thanks for discussing such kinds of fruitful discussions. Learning a
lot from u people. Once again thanks a lot.......

On Mon, Jan 12, 2009 at 10:11 PM, Gunwant Singh <gunwant.s at gmail.com> wrote:

> Pranav,
>
> Thanks for the information. Would you mind sharing the name of the tools
> for MD5 cracking? I'll be thankful.
>
> All,
>
> I was curious about a question on Sessions which I wanted to ask you all
> since some time back but did not get any chance due to some reasons. I have
> asked this question on some forums as well, so excuse me if you have already
> heard of this.
>
> As we all know salted MD5 hashing protects the authentication credentials
> rightly from eavesdropping on the network. SSL does the same thing. However,
> in some scenarios SSL might not be feasible. For example, causing heavy load
> on the server or may be some applications don't support it, etc.
>
> Apparently we need to protect 2 crucial things in the HTTP header from the
> person sniffing the network traffic. "Authentication Credentials and Session
> Credentials"
>
> We can protect the authentication credentials using salted MD5 hashing or
> by using SSL. In case SSL implementation is not feasible, salted MD5 will
> still protect the authentication credentials but not the Session
> Credentials. In order to protect the Session credentials (Session ID,
> tokens, cookies, etc) on a non-SSL channel what measures can be taken?
>
> Thoughts?
>
> -Gunwant
>
>
>
>
> On Fri, Jan 9, 2009 at 1:34 PM, Pranav Joshi <pranav.joshi at kriss.in>wrote:
>
>> Hi Gunwant,
>>
>> > Fyi, even SHA-1 is susceptible to collision attacks. Practically even if
>> MD5
>> > or SHA-1 are broken, this vulnerability still can't be readily used to
>> exploit the certificate genuinity uptil 'Now'
>>
>> Absolutely, I completely agree with your point that SHA-1 is susceptible
>> to collisions.
>>
>> The only difference between them is that colliding SHA-1 still a
>> mathematical probability of 2^63 computational cycles, So far nobody has
>> been able show a working collision for SHA-1.
>>
>> > IMHO I am sure this will be exploited with a solid rationale in the near
>> future.
>>
>> Absolutely.. It's just a matter of biding time till someone figures out a
>> way, IMHO, PS3's (Cell Based Systems) & GPUs are doing a remarkably
>> praiseworthy job of shrinking the computational time-line.
>>
>> Having said that, the point I wanted to make regarding MD5 specifically
>> was that POCs and tools for attacking MD5 have been available for close to
>> 3 years and these attacks have been a part of GHTQ curriculum. but nothing
>> was serious as this for MD5 uptil 'Now'... the metaphorical "final nail in
>> the coffin".
>>
>> The best bet as of now is to rely on multiple hashing algorithms for
>> critical systems; so even if one collision is generated other hashes would
>> fail to match.
>>
>> NOTE: I can't recollect the names of those tools mentioned here but if
>> someone is interested in knowing them lemme know, I'd be glad to re-lookup
>> the same.
>>
>> Warm Regards,
>> Pranav Joshi
>> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
>> Email: pranav.joshi at kriss.in
>> Phone: +91-9958967766
>>
>> > Hi,
>> >
>> > Thanks for sharing the information. Just wanted to add some more to
>> this.
>> >
>> > As you said:
>> > "Since, MD5 is also used in signing certificates the browsers will have
>> no
>> > way of telling the difference between a genuine and a rogue website
>> unless
>> > other hashing algorithms like SHA-1 are also used."
>> >
>> > Fyi, even SHA-1 is susceptible to collision attacks. Practically even if
>> MD5
>> > or SHA-1 are broken, this vulnerability still can't be readily used to
>> exploit the certificate genuinity uptil 'Now'. Having said that I did not
>> > mean that it can't be exploited at all thereby further exposing
>> insecurity
>> > on the internet. What I am saying is until some more research is done on
>> how
>> > to exploit this in relevance to the certificates, we can unwind and
>> count
>> > on
>> > atleast the certificates for now.
>> >
>> > Some guys have come up with a PoC for the same, however not at a very
>> reasonable level.
>> > May be you want to have a look at these:
>> >
>> > http://www.cryptography.com/cnews/hash.html<
>> https://houmail.halliburton.com/OWA/redir.aspx?C=52ed613179914f85a1b0ae5a68761f71&URL=http%3a%2f%2fwww.cryptography.com%2fcnews%2fhash.html
>> >
>>  http://www.securityfocus.com/columnists/488
>> >
>> > IMHO I am sure this will be exploited with a solid rationale in the near
>> future.
>> >
>> > Thanks,
>> > -Gunwant Singh
>> >
>> > On Fri, Jan 2, 2009 at 1:46 PM, Pranav Joshi <pranav.joshi at kriss.in>
>> wrote:
>> >
>> >> Hello Everyone.
>> >> It's been quite a while since security issues with MD5 algorithm
>> started
>> >> cropping up regarding reproducible hash collisions (a.k.a Birthday
>> Attack), this one ups the ante by driving the final nail in it's
>> coffin.
>> >> Since, MD5 is also used in signing certificates the browsers will have
>> no
>> >> way of telling the difference between a genuine and a rogue website
>> unless
>> >> other hashing algorithms like SHA-1 are also used.
>> >> http://blogs.computerworld.com/md5_ca_hack_and_the_ps3
>> >> Warm Regards,
>> >> Pranav Joshi
>> >> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
>> >> Email: pranav.joshi at kriss.in
>> >> Phone: +91-9958967766
>> >> _______________________________________________
>> >> Owasp-delhi mailing list
>> >> Owasp-delhi at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>> >
>> >
>> >
>> > --
>> > Gunwant Singh
>> >
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Gunwant Singh
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>


-- 
Thanks and Regards:

Parmendra Sharma
Indian Computer Emergency Response Team (CERT-In)
Ministry of Information Technology
Government of India
6 C.G.O Complex
Lodhi Road
New Delhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20090115/66bf8cb9/attachment.html 


More information about the Owasp-delhi mailing list