[nycbug-talk] [ccc related] MD5 considered harmful today
Charles Sprickman
spork at bway.net
Tue Dec 30 20:07:04 EST 2008
Alex has some good timing.
I was reading this:
https://www.win.tue.nl/hashclash/rogue-ca/
It's long and complicated, and I got lost after the basic "how to make
a hash" section, but this bit should pique anyone's interest:
------
The potential of this attack scenario is even greater than just obtaining
a rogue certificate for a single secure website. This is because our rogue
certificate doesn't have to be a website certificate, but it could be an
intermediary CA certificate. Although the certificate originally signed by
the real CA has in the "basic constraints" field the flag "CA = FALSE",
indicating that this certificate cannot be used to validate other
certificates in a certificate chain, our rogue certificate has the same
flag set to "CA = TRUE". We are in possession of the private key
corresponding to the public key in this rogue CA certificate. As a result
we are able to issue any number of certificates to anybody we choose, and
they will be recognized as valid certificates by anybody trusting the real
CA, which is all Internet users using one of the common web browsers.
------
Charles