Pranav, Thanks for the information. Would you mind sharing the name of the tools for MD5 cracking? I'll be thankful.
All,

I was curious about a question on Sessions which I wanted to ask you all for some time but did not get any chance due to some reasons. I have asked this question on some forums as well, so excuse me if you have already heard of this.

As we all know, salted MD5 hashing rightly protects the authentication credentials from eavesdropping on the network. SSL does the same thing. However, in some scenarios SSL might not be feasible, for example because it causes heavy load on the server, or maybe some applications don't support it, etc.

Apparently we need to protect 2 crucial things in the HTTP header from the person sniffing the network traffic: "Authentication Credentials and Session Credentials".

We can protect the authentication credentials using salted MD5 hashing or by using SSL. In case SSL implementation is not feasible, salted MD5 will still protect the authentication credentials but not the Session Credentials.

In order to protect the Session credentials (Session ID, tokens, cookies, etc.) on a non-SSL channel, what measures can be taken?

Thoughts?

-Gunwant

On Fri, Jan 9, 2009 at 1:34 PM, Pranav Joshi <pranav.jo...@kriss.in> wrote:

> Hi Gunwant,
>
> > Fyi, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> > or SHA-1 are broken, this vulnerability still can't be readily used to
> > exploit the certificate genuinity until 'Now'
>
> Absolutely, I completely agree with your point that SHA-1 is susceptible
> to collisions.
>
> The only difference between them is that colliding SHA-1 is still a
> mathematical probability of 2^63 computational cycles. So far nobody has
> been able to show a working collision for SHA-1.
>
> > IMHO I am sure this will be exploited with a solid rationale in the near
> > future.
>
> Absolutely.. It's just a matter of biding time till someone figures out a
> way. IMHO, PS3s (Cell Based Systems) & GPUs are doing a remarkably
> praiseworthy job of shrinking the computational time-line.
>
> Having said that, the point I wanted to make regarding MD5 specifically
> was that POCs and tools for attacking MD5 have been available for close to
> 3 years and these attacks have been a part of the GHTQ curriculum, but nothing
> was as serious as this for MD5 until 'Now'... the metaphorical "final nail in
> the coffin".
>
> The best bet as of now is to rely on multiple hashing algorithms for
> critical systems; so even if one collision is generated, other hashes would
> fail to match.
>
> NOTE: I can't recollect the names of those tools mentioned here, but if
> someone is interested in knowing them let me know; I'd be glad to re-lookup
> the same.
>
> Warm Regards,
> Pranav Joshi
> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
> Email: pranav.jo...@kriss.in
> Phone: +91-9958967766
>
> > Hi,
> >
> > Thanks for sharing the information. Just wanted to add some more to this.
> >
> > As you said:
> > "Since MD5 is also used in signing certificates, the browsers will have no
> > way of telling the difference between a genuine and a rogue website unless
> > other hashing algorithms like SHA-1 are also used."
> >
> > Fyi, even SHA-1 is susceptible to collision attacks. Practically even if MD5
> > or SHA-1 are broken, this vulnerability still can't be readily used to
> > exploit the certificate genuinity until 'Now'. Having said that, I did not
> > mean that it can't be exploited at all, thereby further exposing insecurity
> > on the internet. What I am saying is that until some more research is done on how
> > to exploit this in relevance to the certificates, we can unwind and count on
> > at least the certificates for now.
> >
> > Some guys have come up with a PoC for the same, however not at a very
> > reasonable level.
> > Maybe you want to have a look at these:
> >
> > http://www.cryptography.com/cnews/hash.html
> > http://www.securityfocus.com/columnists/488
> >
> > IMHO I am sure this will be exploited with a solid rationale in the near
> > future.
> >
> > Thanks,
> > -Gunwant Singh
> >
> > On Fri, Jan 2, 2009 at 1:46 PM, Pranav Joshi <pranav.jo...@kriss.in> wrote:
> >
> >> Hello Everyone.
> >> It's been quite a while since security issues with the MD5 algorithm started
> >> cropping up regarding reproducible hash collisions (a.k.a. Birthday
> >> Attack); this one ups the ante by driving the final nail into its coffin.
> >> Since MD5 is also used in signing certificates, the browsers will have no
> >> way of telling the difference between a genuine and a rogue website unless
> >> other hashing algorithms like SHA-1 are also used.
> >> http://blogs.computerworld.com/md5_ca_hack_and_the_ps3
> >> Warm Regards,
> >> Pranav Joshi
> >> Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
> >> Email: pranav.jo...@kriss.in
> >> Phone: +91-9958967766
> >> _______________________________________________
> >> Owasp-delhi mailing list
> >> Owasp-delhi@lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> >
> > --
> > Gunwant Singh

--
Gunwant Singh
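The thread's practical advice, quoted from Pranav above, is to record digests under more than one algorithm so that a collision in one of them does not let a substituted document pass verification. The following is an added example, not code from the OWASP Delhi list or from either poster: it embeds the MD5 collision pair published by Wang et al. in 2004 (two 128-byte blocks that differ in six bytes yet share an MD5 digest) and shows that an MD5-only check accepts the second block as if it were the first, while a check that also compares SHA-1 and SHA-256 rejects it. The function names, the choice of SHA-1 and SHA-256 as the additional algorithms, and the `demo()` report format are this example's own assumptions.

```python
"""
Multi-algorithm integrity check against a published MD5 collision pair.

Added example for the OWASP Delhi thread; not code from the list or its
posters. The two 128-byte blocks are the MD5 collision pair published by
Wang et al. (2004), embedded inline so the script runs offline. Function
names and the extra algorithms (SHA-1, SHA-256) are this example's choices.
"""
import hashlib

# Published Wang et al. (2004) collision pair, as hex. The blocks differ in
# six bytes (each by 0x80 in one byte of a message word) and share an MD5
# digest.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Algorithms a verifier records for each document (assumed set for this example).
ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data, algorithms=ALGORITHMS):
    """Return {algorithm name: hex digest} for every algorithm in the list."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def differing_offsets(a, b):
    """Byte offsets at which two equal-length blocks differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def md5_only_verify(data, expected):
    """The weak check: accept data whenever its MD5 matches the recorded one."""
    return hashlib.md5(data).hexdigest() == expected["md5"]


def verify(data, expected, algorithms=ALGORITHMS):
    """The multi-hash check: accept data only if every recorded digest matches.

    A substituted document then has to collide under all of the algorithms
    on the same bytes, not just under MD5.
    """
    actual = digests(data, algorithms)
    return all(actual[name] == expected[name] for name in algorithms)


def demo():
    """Run both checks against the collision pair and report what each accepts."""
    recorded = digests(BLOCK_A)  # digests recorded for the genuine block
    return {
        "md5_collides": recorded["md5"] == hashlib.md5(BLOCK_B).hexdigest(),
        "sha1_collides": recorded["sha1"] == hashlib.sha1(BLOCK_B).hexdigest(),
        "sha256_collides": recorded["sha256"] == hashlib.sha256(BLOCK_B).hexdigest(),
        "md5_only_accepts_substitute": md5_only_verify(BLOCK_B, recorded),
        "multi_hash_accepts_substitute": verify(BLOCK_B, recorded),
        "multi_hash_accepts_genuine": verify(BLOCK_A, recorded),
        "differing_byte_count": len(differing_offsets(BLOCK_A, BLOCK_B)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Recording several digests is a stop-gap, not a fix: it raises the cost of substitution but does nothing for a certificate chain where the CA signed an MD5 digest alone, which is the case the Computerworld article in the thread describes. Migrating signatures to a stronger hash is the durable answer; the multi-hash check is what you can do on your own systems while that migration happens.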