Re: Security team successfully cracks SSL using 200 PS3's and MD5

[Marshall Eubanks <tme () multicasttech com>]

On Jan 3, 2009, at 9:38 AM, Dorn Hetzel wrote:

> Would using the combination of both MD5 and SHA-1 raise the  
> computational
> bar enough for now,

I have never seen this recommended (and I do try and follow this).

> or are there other good prospects for a harder to crack
> hash?

The Federal Information Processing Standard 180-2, Secure Hash  
Standard, specifies algorithms for computing five cryptographic hash  
functions — SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

SHA-256 is thought to be still safe, unlike SHA-1

http://eprint.iacr.org/2008/271
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

and its use is recommended by RFC4509.
http://tools.ietf.org/html/rfc4509

So, I would use SHA-256 if possible. (SHA-224 is a truncation of -256  
- see rfc3874.)

There is, BTW, a competition to find a replacement.

http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

Regards
Marshall

> On Sat, Jan 3, 2009 at 9:35 AM, William Warren <
> hescominsoon () emmanuelcomputerconsulting com> wrote:
>
> > Dragos Ruiu wrote:
> >
> > > On 2-Jan-09, at 9:56 AM, Robert Mathews (OSIA) wrote:
> > >
> > > Joe Greco wrote:
> > > > > [ ....  ]
> > > > >
> > > > > Either we take the potential for transparent MitM attacks  
> > > > > seriously, or
> > > > > we do not.  I'm sure the NSA would prefer "not."  :-)
> > > > >
> > > > > As for the points raised in your message, yes, there are  
> > > > > additional
> > > > > problems with clients that have not taken this seriously.  It is,
> > > > > however,
> > > > > one thing to have locks on your door that you do not lock, and  
> > > > > another
> > > > > thing entirely not to have locks (and therefore completely lack  
> > > > > the
> > > > > ability to lock).  I hope that there is some serious thought  
> > > > > going on in
> > > > > the browser groups about this sort of issue.
> > > > >
> > > > > [ ... ]
> > > > >
> > > > > ... JG
> > > >
> > > > F Y I, see:
> > > >
> > > > SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
> > > > certificates @
> > > > http://www.codefromthe70s.org/sslblacklist.aspx
> > > >
> > > > Best.
> > >
> > > Snort rule to detect said...
> > >
> > > url: http://vrt-sourcefire.blogspot.com/2009/01/md5-actually-harmful.html
> > >
> > > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY  
> > > Weak SSL
> > > OSCP response -- MD5 usage"; content:"content-type:
> > > application/ocsp-response"; content:"2A 86 48 86 F7 0D 01 01 05";  
> > > metadata:
> > > policy security-ips drop, service http; reference: url,
> > > www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation;
> > > sid:1000001;)
> > >
> > > cheers,
> > > --dr
> > >
> > > --
> > > World Security Pros. Cutting Edge Training, Tools, and Techniques
> > > Vancouver, Canada  March 16-20 2009  http://cansecwest.com
> > > London, U.K. May 27/28 2009 http://eusecwest.com
> > > pgpkey http://dragos.com/ kyxpgp
> > >
> > >
> > >
> > > Everyone seems to be stampeding to SHA-1..yet it was broken in  
> > > 2005.  So
> > we trade MD5 for SHA-1?  This makes no sense.