Re: MD5 crack for digital certificates

[Patrick J Kobly <patrick () kobly com>]

Take a look at

http://www.win.tue.nl/hashclash/rogue-ca/

They build on work by a number of other researchers who demonstrated MD5
collisions (2 different documents which have the same MD5 hash) and
specifically Stevens' work on colliding certificates with different
chosen identities and public keys.

In essence, they generated a pair of certificates, each of which would
have the same MD5 hash over their to-be-signed parts (serial #, validity
period, issuer name, subject name, subject public key, and constraints).

As a result, the CA's signature over the first of the pair (when they
bought the cert) was also valid over the second (rogue) certificate.

PK

M.D.Mufambisi wrote:
> Hi people.
>
> I have been reading about the recent crack on digital certificates
> signed using MD5 hashing algorithm. I am a bit confused by the concept
> and i request clarification from anyone who understands it. From my
> understanding, this is what happens when a certificate is created:
>
> 1. Message hash computed (in this instance using MD5)
> 2. Message hash encrypted with CA private key.
> 3. Message hash appended to certificate.
>
> How then are they "cracking" md5? when there is the encryption done on
> the hash? Im quite hazy on this one.
>
> Also, just another one with regards to bruteforce attacks, how does a
> brute force attacker (application) know it has reached the correct
> password? Because to it, they are just characters right? is there a
> flag set by the application being cracked to say "alright, stop, you
> got the right one there?"
>
> thanks.
>
>
>
>   


-- 

 

Patrick Kobly, CISSP

 

T: 403-274-9033

C: 403-463-6141

F: 866-786-9459

56 388 Sandarac Dr NW
Calgary, Alberta
T3K 4E3
http://www.kobly.com

Attachment: signature.asc
Description: OpenPGP digital signature