This isn't the issue at all at the moment. Root CA certs can be signed in crayon; as long as you trust the integrity of the cert, you are OK.

No one is cracking root CA certs. They are generating certificate requests (two of them: one for an end-point purpose, e.g. web server authentication, and one for an intermediate CA) that will result in the same signing hash from the CA if the CA is using MD5.

Cheers
Ken

-----Original Message-----
From: Troy Meyer [mailto:[email protected]]
Sent: Thursday, 1 January 2009 9:09 AM
To: NT System Admin Issues
Subject: RE: Hackers create rogue CA certificate using MD5 collisions

If the PS3 guys can crack an MD5 encrypted root certificate, they can create their own CA that looks like a trusted authority, and in turn the CA can issue certificates that appear to be from that fake trusted authority. If a public CA has a root cert that is encrypted with SHA1, they aren't susceptible (yet) to having their certs faked.

Faked certs could be used to make false websites look secure or genuine, could be used to deploy software that appears to be from a trusted vendor, or could be used to gain access to services/systems authenticated through public certs.

Hopefully this will be a kick in the rear to CAs using MD5. If you run a site or service that uses certs from CAs like Equifax, Thawte, or GTE (all have at least one valid CA with a root cert encrypted with MD5), check your cert and the encryption of the signature at the top of the certificate path. If your root cert was encrypted with MD5, I would get your CA on the phone and have a conversation about possible risks.

-troy

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Wednesday, December 31, 2008 1:06 PM
To: NT System Admin Issues
Subject: Re: Hackers create rogue CA certificate using MD5 collisions

On Wed, Dec 31, 2008 at 11:13 AM, David Lum <[email protected]> wrote:
> Microsoft is not aware of specific attacks against MD5, so previously
> issued certificates that were signed using MD5 are not affected and do not
> need to be revoked. This issue only affects certificates being signed using
> MD5 after the publication of the attack method.

I thought the idea was that an attacker would forge a certificate, with info matching an existing certificate, but using a private key of their own, and then set their fleet of PlayStation 3s to work to come up with an MD5 collision, so they could use the signature from a real certificate to sign their forgery. Or something like that. So not only does this affect already-issued certificates, it depends on them. Or am I misunderstanding?

> Most public Certificate Authority roots no longer use MD5 to sign
> certificates, but have upgraded to the more secure SHA-1 algorithm.

But as long as browsers still accept the older certificates, they'd still be vulnerable, right?
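As an added example (not code from anyone in this thread), here is the check Troy describes, looking at the signature algorithm along the certificate path, with Ken's point built in: the trust anchor's self-signature is skipped and only the hash each CA used on the certificates it issued is reported. It reads DER directly with a minimal TLV parser; the sample chain consists of constructed stand-in structures, not real certificates.

```python
# Added example (not from the thread): report the hash each certificate in a
# chain was signed with and flag MD5. The trust anchor's self-signature is
# skipped: a root is trusted by configuration, not by verifying its signature.
SIG_OIDS = {  # RSA signature OIDs (RFC 3279 / RFC 4055)
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits give byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode the contents of an OBJECT IDENTIFIER into dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                 # high bit clear ends this base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Name (or dotted OID) of a DER certificate's outer signatureAlgorithm."""
    _, cert, _ = read_tlv(cert_der, 0)   # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    _, algid, _ = read_tlv(cert, pos)    # signatureAlgorithm ::= SEQUENCE
    _, oid, _ = read_tlv(algid, 0)       # algorithm OBJECT IDENTIFIER
    return SIG_OIDS.get(decode_oid(oid), decode_oid(oid))

def md5_signed(chain):
    """Indexes (leaf first) of certificates whose issuer signed with MD5.
    The last entry is taken to be the self-signed trust anchor and skipped."""
    return [i for i, c in enumerate(chain[:-1])
            if signature_algorithm(c) == "md5WithRSAEncryption"]

# Constructed stand-ins, not real certificates: an empty tbsCertificate, the
# given AlgorithmIdentifier and an empty signature, enough for the parser above.
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value    # short-form length only
def fake_cert(oid_der):
    algid = _tlv(0x30, _tlv(0x06, oid_der) + _tlv(0x05, b""))
    return _tlv(0x30, _tlv(0x30, b"") + algid + _tlv(0x03, b"\x00"))
MD5_RSA, SHA1_RSA = bytes.fromhex("2a864886f70d010104"), bytes.fromhex("2a864886f70d010105")
# leaf signed with MD5 by the intermediate, intermediate with SHA-1 by the root, root MD5 self-signed
SAMPLE_CHAIN = [fake_cert(MD5_RSA), fake_cert(SHA1_RSA), fake_cert(MD5_RSA)]
```

On a real chain, feed `signature_algorithm` the DER of each certificate in order from leaf to root; only the intermediate-signed leaf is flagged here, which is exactly the certificate a colliding request would have targeted.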
