You know the lock icon in your browser that tells you your banking Web site is safe and you are secure? As of yesterday we've learned this icon may be meaningless. Yesterday a presentation was given at the Chaos Communication Congress that exposed a flaw in the way SSL certificates are handed out. In their presentation they explained that this icon, in some cases, can be completely spoofed. When you combine this with the fact that people can ALSO spoof your domain name you have the potential to have a banking Web site that looks and feels EXACTLY like your banking Web site (and even "validates" as your bank) that is...well...not your bank.
Not all hope is lost, though. There's a good way (SHA-1) and a bad way (MD5) to make these certificates. So your bank might be completely fine and things will carry on as per usual. But here's the kicker: it's impossible to know which of the two was used to create the certificate that is authenticating the Web site you are using. Expect to see more information in the weeks and months to come as security experts try to figure out how to get us out of this colossal mess.
The technical information is available from MD5 Considered Harmful Today (the paper). Video from the CCC presentation is also available from their site, sort of. I think you need to download the whole day of video for that room. Please correct me if you know otherwise, or leave a link to the actual video in the comments.
And to bring in the new year and to "celebrate" this minor security catastrophe, I'll spend the evening at home quilting in front of the wood stove. If you're local, please drop by and say hello.
PS Thanks to Matthew and Leigh and Nik for the heads up and the explanations about why I needed to care (and why you should too).





Actually, you can see what
Actually, you can see what algorithm a website's SSL certificate was generated with. In Firefox, double click the padlock icon, click on the Details tab and highlight the "Certificate Signature Algorithm" to get something like "PKCS #1 SHA-1 With RSA Encryption".
oops, missed a step. After
oops, missed a step.
After double clicking the padlock icon, click on the "View Certificate" button *then* click on the Details tab ...
My understanding is that
My understanding is that this step is irrelevant because, "It's not even the certificate that matters, it's the certificate that signed the certificate that signed it."
I was not aware that some
I was not aware that some people used MD5 for this; I have always considered basic MD5 rather insecure (not enough bits for my liking). Is there anywhere that lists people (just high visibility people maybe?) that use MD5 in this way? Or at the very least some advice about what security measures to take? I can't very well just stop going to my bank and PayPal and such...
You may want to read the
You may want to read the technical "paper" that I linked to. It already has an official response from Microsoft, Mozilla and VeriSign. http://www.win.tue.nl/hashclash/rogue-ca/
Also: in the FAQ of the same URL it seems as though existing certificates are fine (even the "bad" ones). The problem is when someone spoofs a domain name AND pairs this with a fake certificate. The unknown question is "is it worth it to try and do both at once to get financial data." Maybe this exploit is too "hard" for anyone to take advantage of. I don't think we know yet. But we do know it is now possible.
Specifically:
So I think it comes down to: Be wary, and watch for more information on this topic. I'm sure that lots of people will have more to say about this in the weeks to come.
Looking at the final sentence
Looking at the final sentence in the answer above, it seems that a solution is to make sure that your DNS server is patched against the DNS spoofing vulnerability. Since I could not control my ISP DNS server, I changed my home network to use OpenDNS instead. It was patched soon after the exploit came out. You can check if your DNS server is patched using the "Check DNS" button in
http://www.doxpara.com/
Remember to check the DNS before using a bank from an unsafe network.
Is there any way of
Is there any way of disabling the acceptance of MD5 signed certificates in Firefox?
Not that I know of; however,
Not that I know of; however, you may wish to monitor the Mozilla Web site for more information. They have already issued a comment about the exploit at: http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to...
There is an SSL-blacklist
There is an SSL-blacklist extension for Firefox; I recommend it. It had a check for MD5: http://codefromthe70s.org/sslblacklist.aspx
There is also a perspectives extension for Firefox which helps: http://www.cs.cmu.edu/~perspectives/
To disable MD5 checking in
To disable MD5 checking in Firefox
For Windows apps see the MS KB article KB245030. If you delete the MD5 registry key it will no longer check certificates with MD5 entries.
To disable MD5 on Windows:
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\MD5 /va /f
To re-enable MD5:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\MD5 /ve /f
The only downside is that if the certificate does not have an MD5 checksum then it will show as invalid. This change affects any application that uses the MS crypto API.
NSA is recommending SHA2-256
NSA is recommending SHA2-256 as a minimum acceptable hash now. SHA-1 has its own issues, which are (currently) not as severe as MD5, but still not great.
my gosh... Might explain how
my gosh...
Might explain how some new malware can pull off their tricks too. They lead you to sites that ask for you to log in, some people see them as fine, and the browser often doesn't report them as fraudulent.
We use MD5 every day, I am
We use MD5 every day; I am sure NSA had it a long time ago