
cacert - Re: [CA cert] SSL Broken?

Subject: A better approach to security

  • From: Philipp Guehring <philipp AT cacert.org>
  • To: A better approach to security <cacert AT lists.cacert.org>
  • Subject: Re: [CA cert] SSL Broken?
  • Date: Mon, 05 Jan 2009 10:27:36 +0100

Hi,
> If MD5 is cracked
No.
Unfortunately, there are various attack vectors, and MD5 has only fallen
to one of them so far.

> so that collisions can be constructed
Yes, at the moment, you have to construct both sides of the collisions.
> then you can take the signature from any certificate issued by a CA
> using MD5,
No, because you currently have to construct both sides of the
collision. You can't take an existing MD5 signature and construct a
collision for it.

> create the certificate you'd like to have (for example a
> SubCA-certificate), add an obscure Extension so the MD5 hash becomes
> equal to the one of the real certificate and add the signature of the
> real certificate.
Not with existing certificates, only with new certificates.
>
> So a signature made by using MD5 is worth nothing anymore, which makes
> non-root-certificates signed by using MD5 worthless.
No. It only makes new MD5 signatures dangerous; old MD5 signatures are
still safe at the moment. (Which possibly changes within the next 5 years)
> Root certificates are not affected because a self signature is not
> worth anything anyway. Root certificates gain their value solely from
> the fact that they are in your trust list.
Yes, right.
> N.B.: Once you have created a forged SubCA-certificate you can issue
> arbitrary certificates which are accepted by applications that accept
> the original CA cert. Of course those generated certificates would use
> a good hash function, since from then on there's nothing to hide anymore.
Yes, right.
> Conclusion: If you want to verify a certificate in the light of MD5
> weakness you'll have to check the certificate chain for non-root
> certificates using MD5 for signatures. If you find one, the cert is
> worthless.
No. It might be worthless, it might be worth something. The problem is
that by only looking at the certificates, you can't know whether they
are worthless or not. You would have to ask the CA, whether they
actually issued that certificate, or not.

Best regards,
Philipp Gühring
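
The chain check proposed in the quoted conclusion, as an added example that is not part of the original message: it flags non-self-issued certificates whose signatureAlgorithm is md5WithRSAEncryption, and, as the reply points out, a hit only marks a certificate to confirm with the issuing CA. Assumptions: the DER inputs are constructed structural stubs (not validly signed certificates), the helper names are hypothetical, and issuer == subject stands in for "root".

```python
MD5_RSA = bytes.fromhex("2a864886f70d010104")   # OID 1.2.840.113549.1.1.4, md5WithRSAEncryption
SHA1_RSA = bytes.fromhex("2a864886f70d010105")  # OID 1.2.840.113549.1.1.5, sha1WithRSAEncryption

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect(cert_der):
    """Return (self_issued, uses_md5) for one DER-encoded certificate."""
    (_, tbs), (_, sig_alg) = children(read_tlv(cert_der, 0)[1])[:2]
    fields = children(tbs)
    if fields[0][0] == 0xA0:                     # drop the optional explicit [0] version
        fields = fields[1:]
    issuer, subject = fields[2][1], fields[4][1] # serial, signature, issuer, validity, subject
    # Assumption: issuer == subject is treated as "root"; trust-list membership is not checked.
    return issuer == subject, children(sig_alg)[0][1] == MD5_RSA

def md5_suspects(chain):
    """Indexes of non-self-issued certificates that carry an MD5 signature."""
    flags = [inspect(der) for der in chain]
    return [i for i, (self_issued, md5) in enumerate(flags) if md5 and not self_issued]

# --- Constructed sample input: minimal DER stubs, not validly signed certificates ---
def tlv(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body        # short-form length; stubs stay under 128 bytes
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn.encode()))))
def stub_cert(issuer, subject, oid):
    alg = tlv(0x30, tlv(0x06, oid), tlv(0x05))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg,
              name(issuer), tlv(0x30), name(subject))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00"))

CHAIN = [stub_cert("Example Sub CA", "www.example.org", SHA1_RSA),   # leaf
         stub_cert("Example Root", "Example Sub CA", MD5_RSA),       # intermediate
         stub_cert("Example Root", "Example Root", MD5_RSA)]         # self-signed root
```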



