Comments on: More on MD5 Collisions http://www.links.org/?p=480 Ben Laurie blathering Fri, 27 Aug 2010 13:41:58 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Don B. http://www.links.org/?p=480&cpage=1#comment-274424 Don B. Thu, 01 Jan 2009 16:56:57 +0000 http://www.links.org/?p=480#comment-274424 Maybe you shouldn't have used 0day? Maybe you shouldn't have used moron ;-) Maybe you shouldn’t have used 0day? Maybe you shouldn’t have used moron ;-)

]]> By: Alexander Sotirov http://www.links.org/?p=480&cpage=1#comment-274260 Alexander Sotirov Wed, 31 Dec 2008 17:44:38 +0000 http://www.links.org/?p=480#comment-274260 I'm one of the researchers who published the MD5 collision attack in question. Ben, the main reason to notify vendors before disclosing a vulnerability is to prevent its exploitation by criminals. Since we did not release the code necessary to repeat this attack and we talked to the affected CAs before we went public, I feel that we've done all that was required to protect people from malicious attacks. What would OpenSSL have done if we had told you about the attack a few weeks ago and why can't you do it just as easily post-disclosure? Alexander Sotirov I’m one of the researchers who published the MD5 collision attack in question.

Ben, the main reason to notify vendors before disclosing a vulnerability is to prevent its exploitation by criminals. Since we did not release the code necessary to repeat this attack and we talked to the affected CAs before we went public, I feel that we’ve done all that was required to protect people from malicious attacks.

What would OpenSSL have done if we had told you about the attack a few weeks ago and why can’t you do it just as easily post-disclosure?

Alexander Sotirov

]]> By: Thomas http://www.links.org/?p=480&cpage=1#comment-274249 Thomas Wed, 31 Dec 2008 14:38:58 +0000 http://www.links.org/?p=480#comment-274249 That looks like the default OpenSSL comment string: [http://www.technoids.org/openssl.cnf.html#S_usr_cert_Section]. It's not MD5-specific as I use the field on my own SHA-1 certificates (I use OpenSSL to generate my own certificates for stunnel and the like). That looks like the default OpenSSL comment string: [http://www.technoids.org/openssl.cnf.html#S_usr_cert_Section]. It’s not MD5-specific as I use the field on my own SHA-1 certificates (I use OpenSSL to generate my own certificates for stunnel and the like).

]]> By: Ben http://www.links.org/?p=480&cpage=1#comment-274120 Ben Tue, 30 Dec 2008 22:08:33 +0000 http://www.links.org/?p=480#comment-274120 It's not that I feel left out. That happens all the time. It's that I'm working. At 10pm. When I'm on holiday. It’s not that I feel left out. That happens all the time. It’s that I’m working. At 10pm. When I’m on holiday.

]]> By: David W http://www.links.org/?p=480&cpage=1#comment-274107 David W Tue, 30 Dec 2008 21:35:30 +0000 http://www.links.org/?p=480#comment-274107 Insert "http://erratasec.blogspot.com/2008/12/not-all-md5-certs-are-vulnerable.html" after "Per e.g." Insert “http://erratasec.blogspot.com/2008/12/not-all-md5-certs-are-vulnerable.html” after “Per e.g.”

]]> By: David W http://www.links.org/?p=480&cpage=1#comment-274106 David W Tue, 30 Dec 2008 21:34:44 +0000 http://www.links.org/?p=480#comment-274106 Paragraph 1: so your attack on the researchers was due to you feeling left out? The vulnerability in its current state affects only one company running a particularly ill designed CA. Not only are they leaking private business information, but their entire service is synchronised on a single integer sitting in a single SQL database on a single server somewhere. This is an attack that affects one sucky CA. Paragraph 2: for that reason, this attack isn't actually all that shocking. At the most it is nothing we shouldn't already have come to expect, and a shameful display of lax procedures at a particular CA. Per e.g. , the addition of a well though out serial number field largely mitigates this attack, and blanket disabling MD5 support is little but a knee jerk reaction that will likely lead to pain sometime in the future. What I'd rather see as a result of this news is a hearty discussion regarding how that sucky CA ended up being a trusted root in every major browser in the first place. Paragraph 1: so your attack on the researchers was due to you feeling left out? The vulnerability in its current state affects only one company running a particularly ill designed CA. Not only are they leaking private business information, but their entire service is synchronised on a single integer sitting in a single SQL database on a single server somewhere. This is an attack that affects one sucky CA.

Paragraph 2: for that reason, this attack isn’t actually all that shocking. At the most it is nothing we shouldn’t already have come to expect, and a shameful display of lax procedures at a particular CA. Per e.g. , the addition of a well though out serial number field largely mitigates this attack, and blanket disabling MD5 support is little but a knee jerk reaction that will likely lead to pain sometime in the future.

What I’d rather see as a result of this news is a hearty discussion regarding how that sucky CA ended up being a trusted root in every major browser in the first place.

]]> By: Jon Callas http://www.links.org/?p=480&cpage=1#comment-274100 Jon Callas Tue, 30 Dec 2008 20:28:49 +0000 http://www.links.org/?p=480#comment-274100 Stop signing with MD5. Continue to verify. People should have stopped signing with MD5 sometime last century, but you want to be able to verify that signature that's been sitting on optical media since '95. J Stop signing with MD5. Continue to verify. People should have stopped signing with MD5 sometime last century, but you want to be able to verify that signature that’s been sitting on optical media since ‘95.

J

]]>