Comments on: Morons Release Beautiful Attack

By: Certyfikat klucza publicznego | hilpers

Certyfikat klucza publicznego | hilpers — Sun, 18 Jan 2009 15:33:40 +0000

[...] z�ama� klucz takiego urz�du. Istnieje te� inne Jakby niedawno okaza�o si�, �e nie musia�by. http://www.links.org/?p=477 https://blog.startcom.org/?p=145 — Dariusz Sznajder [...]

By: Richard Threadgill

Richard Threadgill — Wed, 31 Dec 2008 21:00:44 +0000

> Ironically, their attack is rendered somewhat pointless right now..

Not really. The md5-based attack allows a man-in-the-middle to attack *all* ssl sessions flowing their proxy, a bogus certificate attack only allows the attacker to spoof all sessions involving the site for which they’ve spoofed a certificate.

By: Infiltrated’s Security Predictions for 2009 | We Break Things

Infiltrated’s Security Predictions for 2009 | We Break Things — Wed, 31 Dec 2008 17:37:52 +0000

[...] http://www.links.org/?p=477 [2] http://www.ietf.org/mail-archive/web/saag/current/msg02369.html [3] [...]

By: Justin Mason

Justin Mason — Wed, 31 Dec 2008 11:00:33 +0000

Charles -- yep, that part is another good example of the autoincrement considered harmful antipattern.

By: Charles Darke

Charles Darke — Tue, 30 Dec 2008 22:40:04 +0000

Great attack, but I feel that the CA not taking the precaution of introducing sufficient element of randomness in what it signs is also a significant factor.

Even if they only introduced a 32bit random, it would have helped.

By: johans

johans — Tue, 30 Dec 2008 22:11:15 +0000

These researchers have been warning about such md5 collisions for years. In 2006 they published X.509 certificates in different names with identical md5 hashes to get a wider audience for the md5-collision attacks that were found a year earlier. The paper (which was widely quoted at the time) should still be at http://www.win.tue.nl/hashclash/TargetCollidingCertificates/. In 2007 they published signed PDF documents predicting the outcome of the US-presidential elections (http://www.win.tue.nl/hashclash/Nostradamus/) – people laughed a bit and mostly ignored it. Stevens, De Weger and Lenstra have been telling everybody who would listen that people should stop using md5-signed X.509 certificates and documents; but didn’t find much of an audience outside the academic world.

I must say that I didn’t think of the specific application they published now either. But the basic md5-collission isn’t surprising. You should realise that these are academics (mathematicians), trying to persuade the computer community to stop using md5 for these kind of applications – not software hackers who are out to break systems. Yes, their approach was too rash, but it seems that finally they managed to get people to stop and listen.

By: Links » More on MD5 Collisions

Links » More on MD5 Collisions — Tue, 30 Dec 2008 20:14:17 +0000

[...] LinksThe Rest I Just Squandered « Morons Release Beautiful Attack [...]

By: Kragen Javier Sitaker

Kragen Javier Sitaker — Tue, 30 Dec 2008 19:23:35 +0000

It appears that your accusation that they are morons boils down to this: “Users could have been protected from this exploit quite easily – only browsers and CAs had to be notified, which is easily achievable without premature public disclosure.” But according to (second-hand reports of) the researchers’ talk, they did notify the browser vendors and CAs. If that is the case, does that make them not morons? If that turns out to be the case, maybe you should be more careful in the future about calling people names in public before getting your facts straight.

By: Cat

Cat — Tue, 30 Dec 2008 18:15:04 +0000

Justin – that sounds like “clearly the ‘bad guys’ aren’t going to be smart/fast about developing a useful exploit” to me… and that’s clearly a terrible assumption to make.

By: ARG

ARG — Tue, 30 Dec 2008 18:09:20 +0000

I don’t get what your beef is. They’ve reconstructed a pointless attack that will cripple teh Interwebs! I mean everyone is efermally affected by it! You come out so harsh. Just because they re-hashed old exploits into a new and uberly stupid improved “0-day” attack, doesn’t mean they’re not geniuses. Right now I’m working on rehashing an oldie but goodie. TCP spoofing! Stay tooned