It took over a decade, but two German researchers found an application for a flaw in the MD5 (Message Digest 5) hash widely used throughout the Internet as part of HTTPS. The weakness was originally theorized in 1996, demonstrated in 2004, and reduced to practice in June 2007, when two Chinese researchers showed how a hash could be duplicated. This was a full 11 years after the initial discovery of the non-fatal weakness and 12 years after the introduction of newer, stronger algorithms, including SHA-1.
The talk, titled “MD5 considered harmful today: creating a rogue CA certificate”, centers on creating a new PKI certificate for a well-known, trusted server. Browsers ship with a default list of who counts as a trusted authority, and each vendor (Mozilla, Microsoft, Apple, Opera) defines its own process for who makes the list. The German researchers created an appropriately named rogue CA, consisting of a certificate attested to by one of the default trust authorities included by Mozilla in the Firefox browser. There are plenty of details available on the hack itself.
The question that stands out in my mind: of the 30,000 sites tested, why were 9,000 still using outdated cryptography? It stands to reason that most of these trust providers have had more than adequate time to migrate to a stronger method (13 years – literally), and at the very least to offer users a revocation/renewal path after the 2004 demonstrations. There are plenty of weak rationales: people are on slow connections and can’t download that much information, the computers don’t have enough processing power for the crypto computations, it’ll slow down the user’s experience, we need consistency with our servers.
Bogus. There are expiration dates on certificates for a reason. Use them. Certificate Revocation Lists exist. Check them. There are key lengths and cipher versions associated with connections. Skip the known-vulnerable ones.
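As an added illustration (not part of the original post) of the kind of check being asked for here, this small Python routine reads a certificate's DER encoding and reports whether its outer signatureAlgorithm is md5WithRSAEncryption or sha1WithRSAEncryption. The two sample certificates are skeletal, constructed DER structures (a one-integer tbsCertificate and a dummy signature), not real CA certificates; the DER walker itself handles real certificates.

```python
# Dotted OIDs of signature algorithms that a CA should no longer issue with
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}
def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed DER value into (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Turn an OBJECT IDENTIFIER body into dotted notation (base-128 arcs)."""
    arcs, n = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Return the dotted OID in the Certificate's outer signatureAlgorithm field."""
    _, cert_body, _ = read_tlv(der)         # Certificate ::= SEQUENCE {tbs, sigAlg, sig}
    _tbs, sig_alg, _sig_value = children(cert_body)
    return decode_oid(children(sig_alg[1])[0][1])

def is_weakly_signed(der):                  # True when the signature digest is MD5 or SHA-1
    return signature_algorithm(der) in WEAK_SIGNATURE_OIDS

# --- constructed samples: skeletal DER Certificates, not real CA certificates ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form length only (body < 128 bytes)
def sample_cert(sig_oid_hex):
    tbs = tlv(0x30, b"\x02\x01\x01")        # stand-in tbsCertificate
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00" + b"\xAB" * 64))

SAMPLE_MD5_CERT = sample_cert("2a864886f70d010104")      # md5WithRSAEncryption
SAMPLE_SHA256_CERT = sample_cert("2a864886f70d01010b")   # sha256WithRSAEncryption
```

On a real chain, feed it the bytes produced by `openssl x509 -outform DER`; every certificate in a trust store can be checked the same way.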
There’s a sliver of “Why did Microsoft, Mozilla, Apple and the rest allow these certificates into their browsers?” Politics and money, perhaps. Some of it comes down to ignorance. If a user asks their Internet Service Provider for a secured HTTPS website, they don’t know the difference; they just know they see the browser lock once everything’s done. The pressure will come, as it always does, with a high-profile exposure. Do you think it will take another 10 years?
By the way, if you really want amusement, check the root chains loaded by default, especially if you’re on a slightly older computer. The attached screenshot shows the buttons to press for IE7 on Vista (Internet Options->Content->Certificates->Trusted Root/Intermediate). It’s absolutely amazing what Microsoft used to put in there – now there are only a couple that make me scratch my head… Can you imagine how much information is at risk because of poor choices? What if it’s your bank, or medical doctor, or email provider?