Gladiator Research and Security

There’s a buzz on the Internet about a new attack against SSL certificates used to secure website communications.  Researchers have been able to create new certificates for existing websites that appear legitimate to web browsers.  That means if a user is browsing a fake website using HTTPS, his web browser will accept the certificate as valid.  There will be no warning messages or approval dialog boxes.  This could be detrimental to the Internet’s secure communications model, but how bad is it, really?

Well, for starters, this vulnerability is not actually being exploited at the moment.  The researchers who reported the vulnerability did not disclose the algorithm they used to generate the certificates.  They also had to use 200 PS3 consoles networked together to generate the certificates, and even then it took 2 days for each one.  Furthermore, the attack only works on certificates signed with an MD5 hash.  This hashing method is still in use, but not as prevalent as SHA1 and SHA2.  Certificate Authorities are being encouraged to stop supporting MD5 hashes, but there is no time line as of now.  RapidSSL, owned and operated by Verisign, is the largest issuer of MD5 hashed certificates.  It has committed to stop signing certificates with MD5 hashes by the end of January, according to Security Focus.

That still leaves consumers at some risk.  Microsoft has written a good blog entry on how to protect yourself with IE 7 and IE 8 Beta.  The full article is linked below.  The first suggestion, and the easiest to follow, is to look for Extended Validation (EV) certificates.  EV certs are always signed with SHA1, at minimum, so they are not affected by this vulnerability.  These certificates usually turn the website address bar green or add additional labels, depending on your browser.  Firefox users can also get the SSL Blacklist plugin.  This plugin can block all MD5 signed certificates, if so desired.

As of today, the likelihood that an attacker will go to all the trouble of generating a new valid certificate is pretty low, considering most users are perfectly happy to click through a warning dialog box to get to a website.  In the future, when the attack algorithm has been released and processing power is cheaper, you may see more attacks exploiting these vulnerabilities.  Hopefully, by then the MD5 hash will no longer be in use on legitimate websites.

Related Links:

• Microsoft Security Blog suggestions (http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx)
• Security Focus Flaw Details (http://www.securityfocus.com/news/11541)
• Security Focus Website Certificate Survey Results (http://www.securityfocus.com/brief/880)
• Security Focus Verisign Response (http://www.securityfocus.com/columnists/488?ref=rss)
• SANS Internet Storm Center SSL Blacklist Information (http://isc.sans.org/diary.html?storyid=5614)
• DarkReading Article (http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212700234&cid=RSSfeed)