That’s right. We all knew it had to happen sometime…… SSL certificates are now spoofable. That’s right you can now create an SSL certificate that causes all major browsers to think that an SSL certificate is valid and from a trusted certificate authority.
The real problem here is that SSL supports the use of the MD5 hash function which has had known collision problems for many many years. A collision happens when two separate inputs generate the same hash i.e.:
md5(“asdgasdlghgds”) -> %#QAJHAE%UNAW#$#E%QU*QABS
md5(“56832ujxdf175”) -> %#QAJHAE%UNAW#$#E%QU*QABS
this reduces the time it takes to discover the input used to generate the hash drastically.
Most certificate authorities use a stronger algorithm like SHA-2, but a handful still use MD5 and therefore the SSL spec still supports MD5 and so all web browsers are vulnerable.
The details are not entirely clear yet but The Register reports that the spoofing is carried out by farming together more than 200 PS3 consoles to generate certificates until they found a pair that had a collision on the MD5 hash.
They first requested a legitimate certificate from an MD5 only certificate authority. Then they created their own CA credential and copied the legitimate signature into the rouge credential and re-signed it using the MD5 hash. By doing this it looks like the certificate was purchased from and signed (using MD5) from a legitimate company but in fact was generated and never purchased.
The big effect is that it could make it easy for phishers to impersonate sites if they can generate SSL certificates that are for sites like banking or other important websites. I wonder if PS3 sales will go up?
This is a tricky issue to fix as all browser support MD5 signing and some certificate authorities only use MD5 signing. To fix this issue the browsers will need to be patched to not support (or at least warn) about MD5 signing. Also the certificate authorities that use MD5 will have to stop using MD5, switch to a new algorithm, and re-issue all certificates that are signed with an MD5 hash.
Should I Really Run For The Hills?
It really depends what the response is from the parties involved and how quickly attackers are able to exploit this. Currently the researchers have announced and demonstrated the attack but have not released any fine details that would allow an attacker to create their own but it is only a matter of time.
To execute a phishing attack against a user the attacker would need spoof both the DNS lookup and the SSL certificate of the site. While this is possible so many people fall for the simple attacks I am not sure that attackers will jump on this.
On the other hand it could give rise to companies selling counterfeit SSL certificates but that remains to be seen.
*UPDATE: the actual paper can be found here: http://www.win.tue.nl/hashclash/rogue-ca/