Nmap Development mailing list archives
Re: On the topic of SSL and MD5 (was Re: [NSE])
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 12 Jan 2009 23:27:19 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 13 Jan 2009 00:13:33 +0100
Daniel Roethlisberger <daniel () roe ch> wrote:

> ...snip...
>
> While I agree with most of your conclusions, your use of the specific crypto terms below is incorrect:
>
> ...snip...
>
> What you actually meant are ``chosen-prefix collisions''. In a collision attack, the attacker will always generate two to-be-signed parts with identical hash value (but not a predetermined hash value). Very important difference.
You're right, and I should have prefaced the whole thing with IANAC. I forgot that a second-preimage is a collision attack where the first message is fixed. Choosing a prefix and finding a collision is just as you described, a "chosen-prefix collision". You are also correct in that a true second-preimage attack would skip over all the issues. When I said first-preimage would skip over all the current issues, I was thinking of finding a *different* cert with the same hash -- which is, as you pointed out, really just a second-preimage attack, and a first-preimage attack doesn't apply to SSL in this context.
> However, also consider that we need to phase out most/all legitimate MD5-signed certificates before we can configure our browsers to not trust a certificate if the chain includes MD5-signed intermediate certs or it is itself MD5-signed.
Good point. I mentioned this in my reply to MadHat. Admins need to do their part to eliminate legitimately MD5-signed SSL certs before we can start finding the ones illegitimately signed.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklr0eIACgkQqaGPzAsl94K+UACgqZVv7KXvkomL9hqshjGm/qMd
Y+4Ani+q6U5RZIlCykyg0f//9JAx0+Nt
=rz1Q
-----END PGP SIGNATURE-----
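The distinction Daniel and Brandon settle on above (plain collision vs. chosen-prefix collision vs. second preimage) comes down to which inputs are fixed before the search starts, and that in turn sets the cost. The following is an added illustration, not code from either poster or from Nmap: it truncates MD5 to 16 bits so that all three searches finish in seconds, and the "certificate" byte strings are constructed placeholders for to-be-signed data. Truncation is only a stand-in for the real MD5 chosen-prefix attacks, which exploit MD5's internal structure rather than brute force; the toy shows only what is fixed in each notion and the generic work factor (birthday-bound for both collision kinds, a full 2^n search for a second preimage).

```python
"""Toy comparison of collision, chosen-prefix collision and second preimage
on a 16-bit truncation of MD5. Constructed example: inputs are made up and
truncating MD5 is a stand-in for real attacks on the full hash."""
import hashlib

BITS = 16                      # toy digest width; real MD5 is 128 bits


def toy_hash(data: bytes) -> int:
    """First BITS bits of MD5(data), as an integer."""
    return int.from_bytes(hashlib.md5(data).digest()[:BITS // 8], "big")


def find_collision():
    """Plain collision: nothing is fixed in advance. The attacker chooses both
    messages and accepts whatever (unpredictable) digest they end up sharing.
    Birthday bound: roughly 2**(BITS/2) hash evaluations."""
    seen = {}
    for i in range(2 ** BITS + 1):          # pigeonhole guarantees a hit
        m = b"msg-%d" % i
        d = toy_hash(m)
        if d in seen:
            return seen[d], m, i + 1      # (message 1, message 2, tries)
        seen[d] = m
    raise AssertionError("unreachable: pigeonhole")


def find_chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes):
    """Chosen-prefix collision: two *different* attacker-chosen prefixes (think:
    to-be-signed fields of a benign cert and of a rogue CA cert); the attacker
    appends suffixes until both hash to the same digest. Still birthday cost,
    and the attacker still does not get to pick which digest that is."""
    if prefix_a == prefix_b:
        raise ValueError("prefixes must differ for this to be chosen-prefix")
    seen_a, seen_b = {}, {}
    for i in range(2 ** BITS + 1):
        suffix = b"|%d" % i
        ma, mb = prefix_a + suffix, prefix_b + suffix
        da, db = toy_hash(ma), toy_hash(mb)
        if da in seen_b:
            return ma, seen_b[da], i + 1
        if db in seen_a:
            return seen_a[db], mb, i + 1
        seen_a[da] = ma
        seen_b[db] = mb
    raise AssertionError("no cross-collision found (astronomically unlikely)")


def find_second_preimage(target: bytes):
    """Second preimage: the first message (an existing, already-signed cert) is
    fixed, so its digest is fixed too; find a *different* message with that
    digest. No birthday shortcut: about 2**BITS evaluations on average."""
    want = toy_hash(target)
    for i in range(2 ** (BITS + 6)):        # 64x the expected work; effectively never exhausts
        m = b"forged-%d" % i
        if m != target and toy_hash(m) == want:
            return m, i + 1
    raise AssertionError("no second preimage found (astronomically unlikely)")


if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} tries: {a!r} / {b!r} -> {toy_hash(a):#06x}")

    legit = b"CN=www.example.com,O=Legit Inc"          # constructed prefixes
    rogue = b"CN=Rogue CA,O=Attacker,CA:TRUE"
    a, b, n = find_chosen_prefix_collision(legit, rogue)
    print(f"chosen-prefix collision after {n} suffixes: {a!r} / {b!r} -> {toy_hash(a):#06x}")

    existing = b"CN=bank.example,O=Bank,serial=42"     # constructed 'existing cert'
    m, n = find_second_preimage(existing)
    print(f"second preimage after {n} tries: {m!r} -> {toy_hash(m):#06x}")
```

Running it, the two collision searches typically stop after a few hundred evaluations while the second-preimage search needs tens of thousands, which is the gap between 2^(n/2) and 2^n that makes chosen-prefix collisions practical against MD5 today while a second preimage against an already-issued certificate is not.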
Current thread:
- [NSE] MadHat Unspecific (Jan 12)
- Re: [NSE] bensonk (Jan 12)
- Re: [NSE] MadHat Unspecific (Jan 12)
- On the topic of SSL and MD5 (was Re: [NSE]) Brandon Enright (Jan 12)
- Re: On the topic of SSL and MD5 (was Re: [NSE]) MadHat Unspecific (Jan 12)
- Re: On the topic of SSL and MD5 (was Re: [NSE]) Brandon Enright (Jan 12)
- Re: On the topic of SSL and MD5 (was Re: [NSE]) Daniel Roethlisberger (Jan 12)
- Re: On the topic of SSL and MD5 (was Re: [NSE]) Brandon Enright (Jan 12)
- Re: [NSE] bensonk (Jan 12)