Security team successfully cracks SSL using 200 PS3's and MD5

Marshall Eubanks tme at multicasttech.com
Sat Jan 3 15:36:08 UTC 2009


On Jan 3, 2009, at 9:38 AM, Dorn Hetzel wrote:

> Would using the combination of both MD5 and SHA-1 raise the computational
> bar enough for now,

I have never seen this recommended (and I do try and follow this).

> or are there other good prospects for a harder to crack
> hash?

The Federal Information Processing Standard 180-2, Secure Hash  
Standard, specifies algorithms for computing five cryptographic hash  
functions — SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

SHA-256 is thought to be still safe, unlike SHA-1

http://eprint.iacr.org/2008/271
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

and its use is recommended by RFC4509.
http://tools.ietf.org/html/rfc4509

So, I would use SHA-256 if possible. (SHA-224 is a truncation of -256  
- see rfc3874.)

There is, BTW, a competition to find a replacement.

http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

Regards
Marshall

>
>
> On Sat, Jan 3, 2009 at 9:35 AM, William Warren <hescominsoon at emmanuelcomputerconsulting.com> wrote:
>
>> Dragos Ruiu wrote:
>>
>>>
>>> On 2-Jan-09, at 9:56 AM, Robert Mathews (OSIA) wrote:
>>>
>>> Joe Greco wrote:
>>>>
>>>>> [ ....  ]
>>>>>
>>>>> Either we take the potential for transparent MitM attacks seriously, or
>>>>> we do not.  I'm sure the NSA would prefer "not."  :-)
>>>>>
>>>>> As for the points raised in your message, yes, there are additional
>>>>> problems with clients that have not taken this seriously.  It is, however,
>>>>> one thing to have locks on your door that you do not lock, and another
>>>>> thing entirely not to have locks (and therefore completely lack the
>>>>> ability to lock).  I hope that there is some serious thought going on in
>>>>> the browser groups about this sort of issue.
>>>>>
>>>>> [ ... ]
>>>>>
>>>>> ... JG
>>>>>
>>>>
>>>> F Y I, see:
>>>>
>>>> SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
>>>> certificates @
>>>> http://www.codefromthe70s.org/sslblacklist.aspx
>>>>
>>>> Best.
>>>>
>>>
>>> Snort rule to detect said...
>>>
>>> url: http://vrt-sourcefire.blogspot.com/2009/01/md5-actually-harmful.html
>>>
>>> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY Weak SSL OSCP response -- MD5 usage"; content:"content-type: application/ocsp-response"; content:"|2A 86 48 86 F7 0D 01 01 04|"; metadata:policy security-ips drop, service http; reference:url,www.win.tue.nl/hashclash/rogue-ca/; classtype:policy-violation; sid:1000001;)
>>>
>>> cheers,
>>> --dr
>>>
>>> --
>>> World Security Pros. Cutting Edge Training, Tools, and Techniques
>>> Vancouver, Canada  March 16-20 2009  http://cansecwest.com
>>> London, U.K. May 27/28 2009 http://eusecwest.com
>>> pgpkey http://dragos.com/ kyxpgp
>>>
>>>
>>>
>> Everyone seems to be stampeding to SHA-1..yet it was broken in 2005.  So
>> we trade MD5 for SHA-1?  This makes no sense.
>>
>>
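
The byte string in the Snort rule quoted above is a DER-encoded PKCS #1 signature-algorithm OID whose final byte selects the hash, which is what separates an MD5 or SHA-1 signature from a SHA-256 one. As an added example (not part of this thread or of the linked VRT post), the Python below walks a DER structure and reports the hash behind each RSA signature OID. The function names and the `sample` input are constructed for illustration, and only RSA signature OIDs are covered.

```python
# Added example. PKCS #1 signature OIDs are 1.2.840.113549.1.1.<arc>; the
# first eight DER bytes are fixed and the ninth (the arc) names the hash.
PKCS1_PREFIX = bytes.fromhex("2A864886F70D0101")
HASH_BY_ARC = {4: "MD5", 5: "SHA-1", 14: "SHA-224",
               11: "SHA-256", 12: "SHA-384", 13: "SHA-512"}
WEAK = {"MD5", "SHA-1"}   # per the thread: SHA-1 is no longer considered safe

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, pos, pos + length

def signature_hashes(der, start=0, end=None):
    """Walk the DER tree; list the hash named by each PKCS #1 signature OID."""
    end = len(der) if end is None else end
    found, pos = [], start
    while pos < end:
        tag, vstart, vend = read_tlv(der, pos)
        value = der[vstart:vend]
        if tag == 0x06 and len(value) == 9 and value.startswith(PKCS1_PREFIX):
            if value[8] in HASH_BY_ARC:   # skips rsaEncryption (arc 1) and others
                found.append(HASH_BY_ARC[value[8]])
        elif tag & 0x20:                  # constructed type: descend into it
            found += signature_hashes(der, vstart, vend)
        pos = vend
    return found

def weak_signature(der):
    """True if any signature algorithm in the structure uses MD5 or SHA-1."""
    return any(h in WEAK for h in signature_hashes(der))

def sample(arc):
    """Constructed input, not a real certificate: SEQUENCE { INTEGER 1, AlgorithmIdentifier }."""
    alg = b"\x30\x0d\x06\x09" + PKCS1_PREFIX + bytes([arc]) + b"\x05\x00"
    return b"\x30\x12\x02\x01\x01" + alg
```

Passing the DER bytes of a real certificate to `weak_signature` works the same way, since both signature-algorithm fields sit inside nested SEQUENCEs.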




