Monday 5 January 2009

New MD5 vulnerability announced

In 2006 two different MD5-signed certificates were created. A new, stronger attack, announced last Wednesday (yes, 30 Dec), allows the attacker to change more parts of the certificate, including the subject name. To use this "for fun and profit", one gets an MD5-signed end entity certificate from a CA (ideally one in the browser's keystore) and hacks it to create an intermediate CA which can then issue anything. Browsers generally accept this because they trust the root and accept that the client sends an intermediate CA which the browser doesn't know about.
The IGTF's Risk Assessment Team (RAT) worked over the new year to analyse the threat and its implications for the Grid, including other attacks not proposed in the vulnerability announcement. The IGTF issued a statement about the vulnerability of the Grid. Essentially, CAs are trusted explicitly on the Grid (installed in /etc/grid-security/certificates), so the Grid is much less vulnerable than commercial PKIs (plus we have no CAs issuing MD5-signed end entity certs).
Note that while the Grid is not directly vulnerable, it is still possible to attack the Grid indirectly via the original proposal: e.g. if you fool the browser into thinking you're a trusted portal with a certificate from a commercial CA, and then you steal passwords such as MyProxy credentials.
