Re: [Dailydave] Questions about MD5+CA

From: Thomas Ptacek (tqbfmatasano.com)
Date: Tue Dec 30 2008 - 13:33:42 CST


If you take everything in the paper at face value, a couple things
mitigate this attack:

* The research team had access not only to a cluster of PS3s but to a
specially optimized MD5 collision-finding implementation, which they
had because Lenstra's team has been playing with a PS3 cluster for
a while.

* The research team had access to a currently-unpublished optimization
to (presumably the birthday-bits search part of) the collision-finding
algorithm.

* The attack could be made impractical by randomizing the serial
numbers for all future certs issued by RapidSSL (and, presumably, by
banning MD5).

On Tue, Dec 30, 2008 at 11:43 AM, Dave Aitel <daveimmunityinc.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So if someone was able to get a root CA for $20000 - shouldn't we
> remove the RapidSSL root CA from our browsers with the next browser
> update? I don't see why people think this would be hard to replicate
> and hasn't been done previously to RapidSSL. Is it because no one
> other than that one team can do math or buy PS3s?
>
> Microsoft's advisory on this is essentially defaulting to the "No one
> else has ever done this" position. This is weird. Trusted Roots that
> could have been used to sign these things need to get re-issued,
> right? What am I missing here?
>
> "You fail and are no longer trusted" seems like a viable option here
> that people are avoiding for some reason.
>
> - -dave
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJWl3CtehAhL0gheoRAtDfAJ95tDB2CGQxWPsghOtFBlNpFBPWigCfTPNX
> weve1sPUh11d9s6LGN/OYTk=
> =1WL2
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>

--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
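Added example (not part of the thread, and not code from either poster): a small stdlib-only Python check for the two mitigations the reply names, randomized serial numbers and dropping MD5 signatures. The serial-number lists and the OID table are constructed for the example; the predictability heuristic (constant small increments, or monotonic small gaps) is an assumption chosen to illustrate why a guessable serial matters to a chosen-prefix attacker, not a published test.

```python
import secrets

# Constructed sample serial lists, as a CA auditor might collect them
# from recently issued certificates (not real certificates).
SEQUENTIAL_SERIALS = [0x0100A2, 0x0100A3, 0x0100A4, 0x0100A5, 0x0100A6]
SMALL_GAP_SERIALS = [1000, 1007, 1020, 1021]
RANDOM_LOOKING_SERIALS = [
    0x5A8E23C9F01B7D64,
    0x0C41A9E7B5D2F38A,
    0x9F17D0A3C4E2B615,
    0x3E0B7C5A91D4F2E8,
]

# Signature-algorithm OIDs (md5WithRSAEncryption and, for contrast,
# sha256WithRSAEncryption). Only the MD5 one is flagged.
OID_MD5_RSA = "1.2.840.113549.1.1.4"
OID_SHA256_RSA = "1.2.840.113549.1.1.11"
MD5_SIG_OIDS = {OID_MD5_RSA}


def serial_predictability(serials):
    """Return (is_predictable, reason) for a list of serial numbers in
    issuance order. The heuristic is illustrative: a CA whose serials step
    by a constant or grow by small gaps lets an attacker predict the serial
    that will appear in the to-be-signed part of a future certificate,
    which is exactly what a chosen-prefix collision needs to know up front."""
    if len(serials) < 3:
        return False, "too few samples"
    diffs = [b - a for a, b in zip(serials, serials[1:])]
    if all(d == diffs[0] for d in diffs) and 0 < diffs[0] <= 16:
        return True, f"constant increment of {diffs[0]}"
    if all(0 < d <= 1000 for d in diffs):
        return True, "monotonic with small gaps"
    return False, "no simple pattern"


def random_serial(num_bits=64):
    """Generate a serial carrying `num_bits` of CSPRNG entropy. The top bit
    is forced on so the value always has exactly `num_bits` bits, and the
    cap of 159 bits keeps it a positive INTEGER of at most 20 octets, the
    X.509 (RFC 5280) limit."""
    if not 64 <= num_bits <= 159:
        raise ValueError("num_bits must be between 64 and 159")
    return secrets.randbits(num_bits) | (1 << (num_bits - 1))


def uses_md5(sig_alg_oid):
    """True if the certificate signature algorithm is MD5-based."""
    return sig_alg_oid in MD5_SIG_OIDS


def assess_ca(serials, sig_alg_oid):
    """Apply both mitigations from the thread to one CA's observed output
    and return a list of findings (empty list means neither issue found)."""
    findings = []
    predictable, why = serial_predictability(serials)
    if predictable:
        findings.append(f"predictable serial numbers ({why})")
    if uses_md5(sig_alg_oid):
        findings.append("certificates signed with MD5")
    return findings


if __name__ == "__main__":
    print("sequential + MD5:", assess_ca(SEQUENTIAL_SERIALS, OID_MD5_RSA))
    print("random + SHA-256:", assess_ca(RANDOM_LOOKING_SERIALS, OID_SHA256_RSA))
    print("fresh serial:", hex(random_serial()))
```

The point of the check is that either finding alone is worth a ticket: a predictable serial removes the uncertainty the attacker must otherwise absorb into the collision search, and an MD5 signature is the thing that makes the collision search worth running in the first place.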