SSL cert. hash hacked on PS3 farm

In New Year's eve's IT Blogwatch, Richi Jennings watches bloggers watch the MD5 hash algorithm get broken -- by a farm of PlayStations -- with worrying consequences for SSL digital certificates. Not to mention seasonal blinkenlights...

Robert McMillan sows fear:

SSL Padlock
With the help of about 200 Sony Playstations, an international team of security researchers has devised a way to undermine one of the algorithms used to protect secure Web sites — a capability that the researchers said could be used to launch nearly undetectable phishing attacks.

To accomplish that, the researchers said today that they had exploited a bug in the MD5 hashing algorithm used to create some of the digital certificates used by Web sites to prove they are what they claim to be. The researchers said that by taking advantage of known flaws in the algorithm, they were able to hack VeriSign Inc.'s certificate authority site and create fake digital certificates for any Web site on the Internet.
The researchers planned to present their findings today at the Chaos Communication Congress, a hacker conference being held in Berlin ... they say their work shows that the MD5 algorithm should no longer be used by the certificate authority companies that issue digital certificates.

John Markoff chains it up: [Good grief -Ed.]

The attack is possible because a handful of commercial organizations that provide components of the basic security infrastructure of the Internet are using an older security technology — despite years of warnings that it is now potentially obsolete.
The demonstration underscores that the commercial infrastructure of the Internet, as well as its privacy and security, are based on an advanced branch of mathematics that in the future may become vulnerable to more powerful computing systems and more clever attackers.

Dan Goodin collides with reality:

The forged certificate causes all the major browsers to display a message indicating the website the user is visiting is legitimate because it's been vetted by a trusted certificate authority using supposedly robust cryptographic measures. Such attacks could make it easier for phishers to impersonate the sites of banks and other sensitive online services.
The latest findings ... show how so-called collisions allow for the creation of valid digital credentials used by certificate authorities, which are appointed organizations that validate the authenticity of websites used for banking and other sensitive online activities. Once the researchers have generated the rogue certificate authority certificate, they can create SSL certificates for any site that will be accepted by just about any web-connecting device.
The researchers ... said browser makers should take action to protect their users against the vulnerability ... [and] it should now be clear that MD5 is irretrievably broken and can no longer be trusted.

For his birthday, Michael R. Farnum would like a PS3 or three: [That's enough wikipunnage -Ed.]

Basically, they are generating a certificate through a bogus Certificate Authority (CA) that is identical to one generated by a valid CA, and your browser has no way of knowing the difference.  The good news is that most CA's now use SHA-1 as their hash algorithm, but there are still a few CA's that use MD5.

The researchers constructed the attack "using ... a cluster of more than 200 PlayStation 3 game consoles" ... Yep, that's right - PS3's.
Though I am not saying that hackers are going to start buying PS3's in bulk and use them for cracking SSL, I can say that it now looks like this is a more viable option.  And I am sure Sony won't object.

Ed Felten makes a hash of it:

The hash is a short (128-bit) code that is supposed to be a kind of unique digest of the certificate contents. To be secure, the hash method has to have several properties, one of which is that it should be infeasible to find a collision, that is, to find two values A and B which have the same hash.
Whose fault is this? Partly it's a consequence of problems with the MD5 hash method. It's been known for a few years that MD5 is in the process of melting down, so prudent designers have been moving away from MD5, replacing it with newer, better hash methods. Similarly, prudent CAs should not be signing certificates that use MD5-based signature methods; instead they should insist on signature methods involving stronger hashes.

Undeterred, Scott Merrill brings it all home:

Okay, so how does this affect you?

If the researchers’ results can be duplicated by a malicious agent, they could generate any number of certificates that would be trusted by browsers all around the world ... [If] coupled with a sophisticated DNS attack [it would] make it really really really hard for anyone to realize that they’d been suckered.
Granted, the level of effort required to perform such an attack is currently enormous ... so it’s likely not the kind of thing that would be pulled on average Internet users. But it’s still something about which to be concerned.

And finally...

Buffer overflow:

Other Computerworld bloggers:

Like this stuff? Subscribe to the RSS feed.

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email:

Previously in IT Blogwatch:

Copyright © 2008 IDG Communications, Inc.

Shop Tech Products at Amazon