Rogue Root CAs because of MD5 collisions

Dec 30th, 2008 @ 11:49 am CST

Quoting from http://www.phreedom.org/research/rogue-ca/:

“As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.”

I wrote a program to look through the trusted certs that came with Firefox 3.0.4 for any CAs with MD5 signature algorithms.

[snip]

UPDATE: the list was not relevant because of a feature of the attack (thanks Thomas). Apparently “only RapidSSL and FreeSSL are practically vulnerable.”

UPDATE 2: VeriSign responds, no longer possible with RapidSSL. And they’ve been phasing MD5 out across the board.
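A check of the kind described above, as an added example (this is not the program the post refers to): it reads the outer signatureAlgorithm OID of every certificate in a PEM bundle and reports the ones signed with md5WithRSAEncryption. The helper names and the `sample_pem` skeletons are constructed for illustration. Since the attack depends on a CA signing newly issued certificates with MD5, the check is meaningful on issued certificates, not on a root's self-signature.

```python
import base64
import re

MD5_RSA = "1.2.840.113549.1.1.4"  # md5WithRSAEncryption
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at offset off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def decode_oid(body):
    """Decode base-128 OID arcs; the first byte packs the first two arcs."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    _, start, _ = read_tlv(der, 0)                # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)          # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)      # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])

def find_md5_signed(pem_text):
    """Indexes of certificates in a PEM bundle whose signature uses MD5 with RSA."""
    ders = [base64.b64decode(m.group(1)) for m in PEM_RE.finditer(pem_text)]
    return [i for i, der in enumerate(ders) if signature_oid(der) == MD5_RSA]

def sample_pem(oid_body):
    """Constructed structure-only skeleton (empty tbs, dummy signature), not a real cert."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    alg = tlv(0x30, tlv(0x06, oid_body) + b"\x05\x00")
    der = tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"
```

To audit a real bundle, pass the file's text to `find_md5_signed`; the parser handles long-form DER lengths, so full-size certificates work.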
