back to article Weak sigs found on one in seven SSL sites

One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The shortcoming underlines the need to drop the insecure signing mechanism before its shortcomings are exploited in more convincing phishing attacks. Netcraft reports that 14 per …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Go

    EV SSL Limits Vulnerability

    Yes agreed using EV SSL limits vulnerability. With simple due diligence on the user-side they can ensure that trusted connections to web sites use at least Extended Validation (EV) certificates, which “show a green address bar in most modern browsers.

    And as the article points out these certificates are always signed using SHA-1 and as such are not affected by this newly reported research.

  2. Bod

    EV certs

    Problem with EV certs is they cost companies a lot more. Fine for big businesses but a small business or individuals running a secure connection that needs certs is going to find EV certs prohibitively expensive.

  3. Mike
    Boffin

    As I understand it......

    If the MD5 of the certificate details (common name etc. and public key) matches another certificates MD5 then the signatures (the encrypted MD5) will match assuming they are signed by the same CA certificate, no big surprise.

    The critical thing here is if you could manufacture a certificate that you could predict the MD5 for, then just attach the signature of a certificate with an identical MD5 that has been signed already and presto it appears your manufactured certificate has been validly signed.

    The MD5 weakness (attack) is that you *can* predict the MD5 under some curcumstances, it doesn't matter that we are now issuing SHA-1 certificates, the issue is that our browsers still allow MD5 based signatures, paypal uses SHA-1 but if somebody could create a spoof paypal (or whatever) certificate, install it on a server it could look valid.

    Of course this does also mean the domain name still has to match the IP so either needs a DNS compromise or typo domain (www.paypa1.com etc.) or there will be a certifcate warning.

    When I first worked with certificates (over 10 years ago), I wondered why use a hashed signature at all, why not additionally encrypt the whole server certificate (common name etc and public key) with the CA private key as a signature, OK there's a speed penalty and the certificate is twice the size, but becomes as unbreakable as RSA itself, I spoke to a techie at Verisign and he said that MD5 was as good as it needed to be, I guess it was.... then.

    When I sue for using my idea of using the whole certificate as a basis of the signature (when SHA-1 is broken), remember you heard it here first ;-)

  4. Anonymous Coward
    Joke

    As Cat said....

    But what is it?

  5. J
    Thumb Down

    Signing certs with MD5 does not make them vulnerable

    Did the researchers read the original report of the attack? It was printed in clear text there, that existing certificates that are signed with MD5 are not any more vulnerable than any other certificates.

    The point in the attack was that using a CA that signs certs with MD5, you can craft yourself an intermediate CA certificate and use that to issue further spoof certificates. As the spoof cert is valid in the browser's point of view, it does not matter whether the "real" cert was signed with MD5, SHA-1 or even SHA-2, as it never participates in the spoofing process.

    So, nice study, but studying totally wrong subject...

  6. Anonymous Coward
    Joke

    As Cat (the hacker) said.....

    This is mine.

    This is mine,

    This is mine,

    And this is mine,

    And all this is mine!

This topic is closed for new posts.

Other stories you might like