Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Joe Greco jgreco at
Fri Jan 2 15:58:05 UTC 2009

> A team of security researchers and academics has broken a core piece
> of Internet technology. They made their work public at the 25th Chaos
> Communication Congress in Berlin today. The team was able to create a
> rogue certificate authority and use it to issue valid SSL certificates
> for any site they want. The user would have no indication that their
> HTTPS connection was being monitored/modified.

That's a bit of a stretch.  It doesn't seem that they've actually broken
"a core piece of Internet technology."  It's more like they've nibbled at
a known potential problem enough to make it a real problem.

According to the quoted article, "They collected 30K certs from Firefox
trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL."

I've seen other discussions of the topic that suggest that a variety of
CA's (one such discussion talked about "VeriSign resellers", and I believe
RapidSSL ~== VeriSign) are vulnerable.

Anyways, I was under the impression that the whole purpose of the
revocation capabilities of SSL was to deal with problems like this, and
that a large part of the justification of the cost of an SSL certificate
was the administrative burden associated with guaranteeing and maintaining
the security of the chain.  It seems like the major browser vendors and
anyone else highly reliant on SSL should be putting VeriSign and any other
affected CA's on notice that their continued existence as trusted CA's in
software distributions is dependent on their rapidly forcing customers to
update their certificates, an obligation that they should have expected to
undertake every now and then, even though they'll obviously not *want* to
have to do that.

I'm aware that the VeriSign position is that their existing certificates
are "not vulnerable" to "this attack," which I believe may be the case for
some values of those terms.  However, it is often the case that a limited-
effectiveness example such as this is soon replaced by a more generally-
effective exploit, and the second URL suggests to me that what VeriSign is 
saying may not be true anyways.

... JG
Joe Greco - Network Services - Milwaukee, WI -
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

More information about the NANOG mailing list