Subject: A better approach to security
- From: Jan Pieter Cornet <johnpc AT xs4all.nl>
- To: A better approach to security <cacert AT lists.cacert.org>
- Subject: Re: [CA cert] [Fwd: [PGPNET] SSL Broken?]
- Date: Sat, 3 Jan 2009 18:14:53 +0100
On Sat, Jan 03, 2009 at 01:58:18PM +0100, Christophe Meessen wrote:
> Hello,
>
> I'm a bit confused by the explanation. Where is MD5 used? Is it used as
> hash inside the signature or is it used by the PKI in a validity checking
> shortcut?

I believe you haven't read the detailed explanation on this page:
http://www.win.tue.nl/hashclash/rogue-ca/
It answers all the questions you still might have, and then some.

> If it is the former, it would be good to know which CA is using MD5
> signatures because this is indeed a big mistake.
> If it is the latter, it would also be good to know what PKI has this
> weakness. One needs to know if we are exposed and in what way.
>
> It is regrettable the author uses false claims as the SSL is broken because
> this is confusing the reader.

SSL _is_ broken. Or rather, one specific implementation of it. As a
result, the attackers are now in possession of a CA that is trusted by
every browser, with which they can sign any site they like.

While the certificate they demonstrate is only valid in August 2004, it
is theoretically possible that there are multiple CAs that have that
capability, in the hands of criminals.

How much more breakage do you need before _you_ believe SSL is broken?

The good news is: it's unlikely that somebody else already did this, and
it's very unlikely that these whitehats indeed have another rogue CA,
and if we all stop using MD5 right now, we can continue to use SSL using
SHA1 like nothing ever happened (oh, maybe erase the Comodo CA from your
machine too if you want to be really safe ;)
--
Jan-Pieter Cornet <johnpc AT xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs. !!