The report itself (http://www.win.tue.nl/hashclash/rogue-ca/#sec5) listed six CAs that issued MD5 certs in 2008:

* RapidSSL<http://www.rapidssl.com/>
  C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
* FreeSSL<http://www.rapidssl.com/ssl-certificate-products/free-ssl/freessl.htm> (free trial certificates offered by RapidSSL)
  C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
* TC TrustCenter AG<http://www.trustcenter.de/>
  C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/[email protected]
* RSA Data Security<https://www.verisign.com/repository/root.html>
  C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
* Thawte<http://www.thawte.com/>
  C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/[email protected]
* verisign.co.jp<http://www.verisign.co.jp/>
  O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

-----Original Message-----
From: Troy Meyer [mailto:[email protected]]
Sent: Wednesday, December 31, 2008 2:09 PM
To: NT System Admin Issues
Subject: RE: Hackers create rogue CA certificate using MD5 collisions

If the PS3 guys can crack an MD5 encrypted root certificate, they can create their own CA that looks like a trusted authority and in turn the CA can issue certificates that appear to be from that fake trusted authority. If a public CA has a root cert that is encrypted with SHA1 they aren't susceptible (yet) to having their certs faked. Faked certs could be used to make false websites look secure or genuine, could be used to deploy software that appears to be from a trusted vendor, or could be used to gain access to services/systems authenticated through public certs.

Hopefully this will be a kick in the rear to CAs using MD5. If you run a site or service that uses certs from CAs like Equifax, Thawte, or GTE (all have at least one valid CA with a root cert encrypted with MD5), check your cert and the encryption of the signature at the top of the certificate path. If your root cert was encrypted with MD5, I would get your CA on the phone and have a conversation about possible risks.

-troy

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Wednesday, December 31, 2008 1:06 PM
To: NT System Admin Issues
Subject: Re: Hackers create rogue CA certificate using MD5 collisions

On Wed, Dec 31, 2008 at 11:13 AM, David Lum <[email protected]> wrote:
> Microsoft is not aware of specific attacks against MD5, so previously
> issued certificates that were signed using MD5 are not affected and do not
> need to be revoked. This issue only affects certificates being signed using
> MD5 after the publication of the attack method.

I thought the idea was that an attacker would forge a certificate, with info matching an existing certificate, but using a private key of their own, and then set their fleet of PlayStation 3's to work to come up with an MD5 collision, so they could use the signature from a real certificate to sign their forgery. Or something like that. So not only does this affect already-issued certificates, it depends on them. Or am I misunderstanding?

> Most public Certificate Authority roots no longer use MD5 to sign
> certificates, but have upgraded to the more secure SHA-1 algorithm.

But as long as browsers still accept the older certificates, they'd still be vulnerable, right?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
