Rogue Root CAs because of MD5 collisions

December 30, 2008

Quoting from

“As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.”

I wrote a program to look through the trusted certs that came with Firefox 3.0.4 for any CAs with MD5 signature algorithms.


UPDATE: The list was not relevant because of a feature of the attack (thanks Thomas). Apparently “only RapidSSL and FreeSSL are practically vulnerable.”

UPDATE 2: VeriSign responds, no longer possible with RapidSSL. And they’ve been phasing MD5 out across the board.
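A check along the lines of the scan described above, as an added example (this is not the program from the post). It reads the signature algorithm from each DER certificate and separates self-issued roots, where per the first update an MD5 signature was not the relevant signal, from certificates that an issuing CA signed with MD5. The function names and the sample certificate skeletons are constructed for illustration.

```python
MD5_WITH_RSA = bytes.fromhex("2a864886f70d010104")  # DER body of OID 1.2.840.113549.1.1.4

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf):
    """Split DER contents into a list of (tag, raw_element, value) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        out.append((tag, buf[pos:end], buf[start:end]))
        pos = end
    return out

def check_cert(der):
    """Return (signed_with_md5, self_issued) for one DER-encoded certificate."""
    tbs, sig_alg = children(children(der)[0][2])[:2]
    fields = children(tbs[2])
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    issuer, subject = fields[2][1], fields[4][1]  # after serialNumber and signature
    return children(sig_alg[2])[0][2] == MD5_WITH_RSA, issuer == subject

def triage(certs):
    """Names of certificates an issuer signed with MD5, leaving out self-issued roots."""
    return sorted(name for name, der in certs.items() if check_cert(der) == (True, False))

def tlv(tag, body):  # encoder for the constructed samples only (bodies up to 255 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def skeleton(issuer, subject, alg_byte):
    alg = tlv(0x30, tlv(0x06, MD5_WITH_RSA[:-1] + bytes([alg_byte])) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + alg
              + tlv(0x30, tlv(0x0C, issuer.encode())) + tlv(0x30, b"")
              + tlv(0x30, tlv(0x0C, subject.encode())))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 129))  # placeholder signature bits

SAMPLES = {  # constructed skeletons, not real or valid certificates
    "root-md5": skeleton("Example Root", "Example Root", 0x04),
    "leaf-md5": skeleton("Example Issuing CA", "www.example.test", 0x04),
    "leaf-sha1": skeleton("Example Issuing CA", "www.example.test", 0x05),
}
```

For real PEM input, `ssl.PEM_cert_to_DER_cert` from the standard library converts one PEM certificate into the DER bytes `check_cert` expects.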