SSL Certs Busted

European security researchers have demonstrated a weakness in a hash algorithm widely used for creating digital certificates to secure Web sites and sign e-mails.

The weaknesses, found in the MD5 hash algorithm, could be used as a basis to generate fraudulent X.509 Certification Authority certificates, allowing attackers to forge secure web sites, those that use the HTTPS protocol to ensure authenticity. Any other secure services that use the Secure Socket Layer (SSL), such as digitally-signed e-mail, could be vulnerable as well.

"MD5 hashes have been shown to be weak for a while now, and this is just yet another attack using these known weaknesses," wrote Johannes Ullrich of the SANS Internet Storm Center, in an advisory. "The attack is still not easy, but very much possible and not just 'theoretical.'"

The researchers created a phony certificate, one that appears to be issued by a root Certificate Authority (CA), or trusted issuer of certificates for Public Key Infrastructures (PKI). The team harnessed a system built of 200 Sony Playstation PS3s to generate an MD5 hash value identical to that of a legitimate certificate issued by a CA. The process took about two days.

"Our work shows that known weaknesses in the MD5 hash function can be exploited in realistic attack," the researchers wrote in a paper explaining their work. "[D]ue to the fact that even after years of warnings about the lack of security of MD5, some root CAs are still using this broken hash function … The vulnerability we expose is not in the SSL protocol or the web servers and browsers that implement it, but in the Public Key Infrastructure."

A hash function is an operation that ingests a string of data and outputs another string, called the hash value. Because the hash value has no easily decipherable relation to the original input, it should not be feasible to produce the same hash value from some other input. The MD5 algorithm, however, has been shown to be faulty in this respect: in 2004, researchers theoretically showed that identical hash values from different inputs could be created with the 128-bit MD5 hash algorithm. This recent announcement is one of the first demonstrations that a duplicate MD5 hash value can actually be created.

Although the National Institute of Standards and Technology has advised end-users to move from the MD5 to SHA-1, many commercial CAs still use MD5. The researchers reported that RSA and VeriSign still use MD5 for some of their certificates.

Only those certificates using the MD5 algorithm could be affected. Those based on the stronger SHA-1, SHA-256, SHA-384 or SHA-512 algorithms are not affected.

Microsoft has advised its customers to stop using any certificates that were generated by the MD5 hashing algorithm.
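A defender's first step is to find which certificates in a store or chain carry an MD5-based signature. The following is an added example, not code from the article or the researchers: it reads the DER-encoded signatureAlgorithm of an X.509 certificate directly, and the certificate bytes it runs on are constructed dummies rather than real certificates.

```python
# Added example (not from the article): flag DER X.509 certs whose outer signatureAlgorithm
# is md5WithRSAEncryption. Sample cert bytes below are constructed dummies, not real certs.
MD5_RSA = bytes.fromhex("2a864886f70d010104")      # OID 1.2.840.113549.1.1.4
SHA1_RSA = bytes.fromhex("2a864886f70d010105")     # OID 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # OID 1.2.840.113549.1.1.11
SIG_NAMES = {MD5_RSA: "md5WithRSAEncryption", SHA1_RSA: "sha1WithRSAEncryption",
             SHA256_RSA: "sha256WithRSAEncryption"}

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def signature_algorithm(cert_der):
    """Name the outer signatureAlgorithm of Certificate ::= SEQUENCE { tbs, alg, sig }."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate must be a DER SEQUENCE")
    _, _, pos = _read_tlv(body, 0)          # skip tbsCertificate
    _, alg_id, _ = _read_tlv(body, pos)     # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return SIG_NAMES.get(oid, "unknown:" + oid.hex())

def uses_md5(cert_der):
    """True when the signature relies on MD5 and the certificate should be replaced."""
    return signature_algorithm(cert_der) == "md5WithRSAEncryption"

def _der(tag, content):
    """Encode one DER TLV, switching to the long length form past 127 bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def fake_cert(sig_oid):
    """Constructed certificate-shaped DER: dummy tbsCertificate and a 1024-bit zero signature."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, sig_oid) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 129))

if __name__ == "__main__":
    for oid in (MD5_RSA, SHA256_RSA):
        print(signature_algorithm(fake_cert(oid)), "replace" if uses_md5(fake_cert(oid)) else "ok")
```

Real certificates can be fed in the same way after PEM is base64-decoded to DER; the outer signatureAlgorithm is what the CA actually used, so a chain is only clean when every certificate in it passes.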

In the paper, the researchers sketched out a theoretical scenario in which attackers could build a phony secure Web site to which users are unsuspectingly redirected from the real site. To end-users, the site may look identical to the real site. When the users' browsers do the automatic certificate check, they will find that the forged certificate claims the phony site is the real one, setting up users to conduct sensitive communications or business transactions with the attackers.

In response to the paper, VeriSign product marketing executive Tim Callan noted that VeriSign has been in the process of phasing out MD5-based certificates, and that the work did not jeopardize any certificates now in place.

"No end entity certificates are affected by this attack. The attack, when it worked, was a potential method for a criminal to create a new, false certificate from scratch. Existing certificates are not targets for this attack," he wrote.

About the Author

Joab Jackson is the chief technology editor of Government Computing News (
