Creating a rogue CA certificate
Today was given a nice presentation at CCC, entitled MD5 considered harmful today: Creating a rogue CA certificate.
It explains that, despite being broken since several years MD5 is still used is some important CA. Using this attack, they were able to generate a rogue CA certificate, and so were able to issue certificates which are marked as trusted by all browsers. As a result, the security of some websites like banks or e-commerce could be severely compromised !
So it seems that, unlike people promising the end of the world (like Dan Kaminsky at BlackHat 2008, Kris Kapersky at HITB, and Robert E. Lee and Jack C. Louis at T2 and Sec-T), this one could really lead to some serious consequences.
Congrats to them !
Solutions:
- Ban MD5 and such certificates (like those issued by RapidSSL, even in 2008)
- For CA implementations, randomize the serial of issued certificates could help mitigate the problem
Links:
- The website (very good explanation)
- The rogue CA certificate (pem format)
- The real CA certificate (pem format)
- The presentation (ppt)