Hi Gunwant,

> Fyi, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> or SHA-1 are broken, this vulnerability still can't be readily used to exploit
> the certificate genuinity until 'Now'.

Absolutely, I completely agree with your point that SHA-1 is susceptible to collisions. The only difference between them is that colliding SHA-1 is still a mathematical probability of 2^63 computational cycles; so far nobody has been able to show a working collision for SHA-1.

> IMHO I am sure this will be exploited with a solid rationale in the near future.

Absolutely. It's just a matter of biding time till someone figures out a way. IMHO, PS3s (Cell-based systems) and GPUs are doing a remarkably praiseworthy job of shrinking the computational timeline.

Having said that, the point I wanted to make regarding MD5 specifically was that PoCs and tools for attacking MD5 have been available for close to 3 years, and these attacks have been a part of the GHTQ curriculum, but nothing was as serious as this for MD5 until 'Now'... the metaphorical "final nail in the coffin".

The best bet as of now is to rely on multiple hashing algorithms for critical systems, so even if one collision is generated the other hashes would fail to match.

NOTE: I can't recollect the names of those tools mentioned here, but if someone is interested in knowing them, let me know; I'd be glad to look them up again.

Warm Regards,
Pranav Joshi
Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
Email: pranav.jo...@kriss.in
Phone: +91-9958967766

> Hi,
>
> Thanks for sharing the information. Just wanted to add some more to this.
>
> As you said:
> "Since, MD5 is also used in signing certificates the browsers will have no
> way of telling the difference between a genuine and a rogue website unless
> other hashing algorithms like SHA-1 are also used."
>
> Fyi, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> or SHA-1 are broken, this vulnerability still can't be readily used to exploit
> the certificate genuinity until 'Now'. Having said that, I did not mean that it
> can't be exploited at all, thereby further exposing insecurity on the internet.
> What I am saying is, until some more research is done on how to exploit this in
> relevance to the certificates, we can unwind and count on at least the
> certificates for now.
>
> Some guys have come up with a PoC for the same, however not at a very
> reasonable level. Maybe you want to have a look at these:
>
> http://www.cryptography.com/cnews/hash.html
> http://www.securityfocus.com/columnists/488
>
> IMHO I am sure this will be exploited with a solid rationale in the near future.
>
> Thanks,
> -Gunwant Singh
>
> On Fri, Jan 2, 2009 at 1:46 PM, Pranav Joshi <pranav.jo...@kriss.in> wrote:
>
>> Hello Everyone.
>> It's been quite a while since security issues with the MD5 algorithm started
>> cropping up regarding reproducible hash collisions (a.k.a. Birthday Attack);
>> this one ups the ante by driving the final nail in its coffin.
>> Since MD5 is also used in signing certificates, the browsers will have no
>> way of telling the difference between a genuine and a rogue website unless
>> other hashing algorithms like SHA-1 are also used.
>> http://blogs.computerworld.com/md5_ca_hack_and_the_ps3
>> Warm Regards,
>> Pranav Joshi
>> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
>> Email: pranav.jo...@kriss.in
>> Phone: +91-9958967766
>> _______________________________________________
>> Owasp-delhi mailing list
>> Owasp-delhi@lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
> --
> Gunwant Singh
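The suggestion in the thread above, that a critical system should compare several digests so that a collision in one algorithm does not go unnoticed, can be shown concretely with a real MD5 collision. The following is an added example and is not code from any of the thread's participants: the two 128-byte inputs are the published colliding pair from Wang, Feng, Lai and Yu's 2004 MD5 result (they share the MD5 digest 79054025255fb1a26e4bc422aef54eb4), while the helper names `multi_digest`, `colliding_algos`, `differing_offsets` and `verify_against_record` are this example's own. It demonstrates that an MD5-only check accepts the second input as if it were the first, whereas a check that also stores SHA-1 and SHA-256 rejects it.

```python
"""Added example (not part of the OWASP-Delhi thread): two inputs that
collide under MD5 are told apart by SHA-1 and SHA-256, so a record that
stores several digests rejects the forged input that an MD5-only record
accepts."""
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

# Published MD5 colliding pair (Wang, Feng, Lai, Yu, 2004): two different
# 128-byte messages with the same MD5 digest. Exactly six bytes differ
# (offsets 19, 45, 59, 83, 109 and 123); everything else is identical.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Algorithms used for the multi-digest record (a choice made for this example).
DEFAULT_ALGOS: Tuple[str, ...] = ("md5", "sha1", "sha256")


def multi_digest(data: bytes, algos: Iterable[str] = DEFAULT_ALGOS) -> Dict[str, str]:
    """Hex digest of `data` under every algorithm named in `algos`."""
    return {name: hashlib.new(name, data).hexdigest() for name in algos}


def differing_offsets(a: bytes, b: bytes) -> List[int]:
    """Byte offsets at which `a` and `b` differ (extra tail bytes count too)."""
    common = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    tail = list(range(min(len(a), len(b)), max(len(a), len(b))))
    return common + tail


def colliding_algos(a: bytes, b: bytes, algos: Iterable[str] = DEFAULT_ALGOS) -> List[str]:
    """Algorithms under which `a` and `b` produce the same digest."""
    algos = tuple(algos)
    da, db = multi_digest(a, algos), multi_digest(b, algos)
    return [name for name in algos if da[name] == db[name]]


def verify_against_record(data: bytes, record: Dict[str, str]) -> bool:
    """Accept `data` only if it matches *every* digest stored in `record`.

    A record built from the genuine input with several algorithms is only
    fooled by an input that collides under all of them at once. An empty
    record proves nothing and is rejected. Comparisons are constant-time.
    """
    if not record:
        return False
    actual = multi_digest(data, record.keys())
    return all(hmac.compare_digest(actual[name], stored) for name, stored in record.items())


if __name__ == "__main__":
    print("inputs differ at byte offsets:", differing_offsets(MSG_A, MSG_B))
    da, db = multi_digest(MSG_A), multi_digest(MSG_B)
    for name in DEFAULT_ALGOS:
        status = "COLLIDE" if da[name] == db[name] else "differ"
        print(f"{name:>6}: {status}\n        A={da[name]}\n        B={db[name]}")
    # Record the genuine input A, then present the forged input B.
    record = multi_digest(MSG_A)
    print("MD5-only record accepts B:  ", verify_against_record(MSG_B, {"md5": record["md5"]}))
    print("multi-digest record accepts B:", verify_against_record(MSG_B, record))
```

Running it shows `md5: COLLIDE` and `sha1`/`sha256: differ`, so the MD5-only record accepts the forgery and the three-algorithm record does not. The caveat a practitioner should keep in mind is that this only helps while at least one of the stored algorithms remains collision-resistant; the lasting fix for the CA problem discussed in the thread was to stop signing certificates with MD5 rather than to pair it with something else.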