Usually the bad actions of a company only affect its own customers. However, Certification Authorities (CA) that have not yet migrated away from MD5 to a more secure cryptographic hash function are causing problems that affect everyone, said Paul Kocher, president and chief scientist of Cryptography Research.
Security professionals have sounded off after a team of researchers on Tuesday revealed a weakness in the MD5 cryptographic hash function which could allow an attacker to create a rogue Certification Authority (CA) certificate and potentially impersonate any website, including those secured by the HTTPS protocol.
“For CAs not to have acted on this earlier is a travesty,” Chris Eng, senior director of security research at Veracode wrote in response to the news, which broke at a hacker conference in Berlin. “It's one thing to be using MD5 in your custom web application, where you only hurt yourself if it's compromised. It's another thing entirely for an organization whose business is trust not to be taking all possible measures to be trustworthy.”
While warning against MD5-signing has been made since 2004, it is still used today by the CAs such as RapidSSL, FreeSSL, TrustCenter, RSA Data Security, Thawte, verisign.co.jp, the researchers said.
“Academic papers have come out in 2004 and again in 2007 showing MD5 collisions were possible,” Chris Wysopal, co-founder and chief technology officer of application security firm Veracode, told SCMagazineUS.com Tuesday. “Certification Authorities have had at least two years to update to new algorithms, and it seems they didn't until a practical attack was shown to them.”
Everyone is vulnerable to this problem, including those with a web certificate from a CA that uses a more secure cryptographic hash function than MD5 (such as SHA-1, or more preferably SHA-2). That's because as long as there remain CAs using MD5, an attacker can forge a certificate from them and impersonate any website, Wysopal said.
“An attacker could create a fake web certificate and trick your browser into thinking you're really at PayPal or Bank of America, when in fact you're on their server,” Jennifer Jabbusch, CISO and network security specialist at Carolina Advanced Digital, wrote on her personal blog.
Wysopal said he thinks the industry needs to start paying more attention to academic papers and be more proactive when issues are discovered.
“Right now the whole security world waits for a vendor get a notice from a researcher saying, ‘I found a bug in your system,'" Wysopal said. “We need to be more proactive.”
Security professionals have sounded off after a team of researchers on Tuesday revealed a weakness in the MD5 cryptographic hash function which could allow an attacker to create a rogue Certification Authority (CA) certificate and potentially impersonate any website, including those secured by the HTTPS protocol.
“For CAs not to have acted on this earlier is a travesty,” Chris Eng, senior director of security research at Veracode wrote in response to the news, which broke at a hacker conference in Berlin. “It's one thing to be using MD5 in your custom web application, where you only hurt yourself if it's compromised. It's another thing entirely for an organization whose business is trust not to be taking all possible measures to be trustworthy.”
While warning against MD5-signing has been made since 2004, it is still used today by the CAs such as RapidSSL, FreeSSL, TrustCenter, RSA Data Security, Thawte, verisign.co.jp, the researchers said.
“Academic papers have come out in 2004 and again in 2007 showing MD5 collisions were possible,” Chris Wysopal, co-founder and chief technology officer of application security firm Veracode, told SCMagazineUS.com Tuesday. “Certification Authorities have had at least two years to update to new algorithms, and it seems they didn't until a practical attack was shown to them.”
Everyone is vulnerable to this problem, including those with a web certificate from a CA that uses a more secure cryptographic hash function than MD5 (such as SHA-1, or more preferably SHA-2). That's because as long as there remain CAs using MD5, an attacker can forge a certificate from them and impersonate any website, Wysopal said.
“An attacker could create a fake web certificate and trick your browser into thinking you're really at PayPal or Bank of America, when in fact you're on their server,” Jennifer Jabbusch, CISO and network security specialist at Carolina Advanced Digital, wrote on her personal blog.
Wysopal said he thinks the industry needs to start paying more attention to academic papers and be more proactive when issues are discovered.
“Right now the whole security world waits for a vendor get a notice from a researcher saying, ‘I found a bug in your system,'" Wysopal said. “We need to be more proactive.”
