[GTER] Na C3 hoje - MD5 break - Rogue CA

Frederico A C Neves fneves at registro.br
Tue Dec 30 14:27:12 -02 2008

Se alguém ainda confia nos argumentos que os atuais certificados SSL
tornam DNSSEC desnecessário, leia o artigo que saiu na C3 hoje.


"MD5 considered harmful today
Creating a rogue CA certificate

December 30, 2008

Alexander Sotirov, Marc Stevens,
Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de

We have identified a vulnerability in the Internet Public Key
Infrastructure (PKI) used to issue digital certificates for secure
websites. As a proof of concept we executed a practical attack
scenario and successfully created a rogue Certification Authority (CA)
certificate trusted by all common web browsers. This certificate
allows us to impersonate any website on the Internet, including
banking and e-commerce sites secured using the HTTPS protocol.

Our attack takes advantage of a weakness in the MD5 cryptographic hash
function that allows the construction of different messages with the
same MD5 hash. This is known as an MD5 "collision". Previous work on
MD5 collisions between 2004 and 2007 showed that the use of this hash
function in digital signatures can lead to theoretical attack
scenarios. Our current work proves that at least one attack scenario
can be exploited in practice, thus exposing the security
infrastructure of the web to realistic threats."

Não poderia ser um final pior para um 2008 tenebroso.... que 2009 seja
melhor, feliz ano novo para todos.


More information about the gter mailing list