MD5/SSL exploit not the end of the world
TechRepublic has an interesting article that gives a brief explanation of the MD5/SSL exploit that was the cause of such panic last month.
On the surface, this “event” proves that it’s possible for an attacker to insert himself into the certificate acquisition process, resulting in wrongful authentication of visited sites. However, SSL might not be in as much danger as originally reported.
Yes, there are many CAs still using MD5 for at least some certificate signing. In fact, the rogue certificate used in this exploit emulated a VeriSign RapidSSL cert. TC TrustCenter AG, RSA, and Thawte Inc. also still use the vulnerable hash function. But there are four significant mitigating factors.
- Most enterprise-class certificates, such as VeriSign’s Extended Validation SSL Certificates, use the still-secure SHA-1 hash function.
- Certificates already issued with MD5 signatures are not at risk. The exploit only affects new certificate acquisitions.
- CAs are quickly moving to replace MD5 with SHA-1. For example, VeriSign was planning to phase out MD5 by the end of January 2009. The date was pushed up due to the December proof of concept. On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures.
- The researchers did not release the under-the-hood specifics of how the exploit was executed.
Again, these are mitigating factors. It isn’t impossible for cybercriminals to come up with an attack on their own now that conceptual understanding of the approach is public knowledge. But SSL is not broken. The only thing broken is a portion of the public key infrastructure (PKI) which underlies it, and the risk is manageable.
(from The new MD5/SSL exploit is NOT the end of civilization as we know it, TechRepublic)
I do not pretend to understand the mathematics behind much of this, but I find it all very interesting, nonetheless.
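As an added example (my own, not code from the TechRepublic article), here is the defender-side check behind the mitigating factors quoted above: a small DER walker that reads a certificate's signatureAlgorithm OID and flags md5WithRSAEncryption. The fake_cert() helper builds a constructed stand-in, not a real certificate; on real input you would pass the DER bytes of a server or CA certificate.

```python
# Added example (not from the TechRepublic article): a tiny DER walker that reads
# Certificate.signatureAlgorithm so a defender can flag certs still signed with
# md5WithRSAEncryption. fake_cert() builds a constructed, non-real input.
MD5_RSA = "1.2.840.113549.1.1.4"    # md5WithRSAEncryption (RFC 3279)
SHA1_RSA = "1.2.840.113549.1.1.5"   # sha1WithRSAEncryption (RFC 3279)

def _tlv(data, pos):
    """Decode one DER tag-length-value at pos -> (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _oid_to_str(body):
    """DER OID contents -> dotted string (base-128 sub-identifiers)."""
    parts, acc = list(divmod(body[0], 40)), 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                            # last byte of this arc
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))

def signature_algorithm(der):
    """Dotted OID of the outer signatureAlgorithm of a DER Certificate."""
    tag, cert, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _tlv(cert, 0)                       # skip tbsCertificate
    _, alg, _ = _tlv(cert, pos)                     # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _tlv(alg, 0)                      # its first element is the OID
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _oid_to_str(oid)

def is_md5_signed(der):
    return signature_algorithm(der) == MD5_RSA

# --- constructed test input, NOT a real certificate --------------------------
def _enc(tag, body):
    """Minimal DER encoder for bodies shorter than 256 bytes."""
    ln = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + ln + body

def fake_cert(last_arc):
    """Empty tbsCertificate, AlgorithmIdentifier {1.2.840.113549.1.1.<arc>, NULL}, empty signature."""
    oid = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01" + bytes([last_arc])
    alg = _enc(0x30, _enc(0x06, oid) + b"\x05\x00")
    return _enc(0x30, _enc(0x30, b"") + alg + _enc(0x03, b"\x00"))
```

Running it over a real chain (for example the DER from ssl.get_server_certificate converted with ssl.PEM_cert_to_DER_cert) tells you whether any certificate you trust still carries an MD5-based signature.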