SSL Certs Busted

European security researchers have demonstrated a weakness in a hash algorithm widely used for creating digital certificates to secure Web sites and sign e-mails.

The weakness, found in the MD5 hash algorithm, can be used to generate a fraudulent X.509 Certification Authority certificate, allowing attackers to impersonate secure Web sites, those that use the HTTPS protocol to prove their identity. Any other service that trusts certificates from the same Public Key Infrastructure, whether it runs over the Secure Sockets Layer (SSL) protocol or is used for digitally signed e-mail, could be vulnerable as well.

"MD5 hashes have been shown to be weak for a while now, and this is just yet another attack using these known weaknesses," wrote Johannes Ullrich of the SANS Internet Storm Center, in an advisory. "The attack is still not easy, but very much possible and not just 'theoretical.'"

The researchers created a rogue certificate that appears to be issued by a root Certificate Authority (CA), a trusted issuer of certificates for a Public Key Infrastructure (PKI). Using a cluster of 200 Sony PlayStation 3 consoles, the team produced a certificate whose MD5 hash value is identical to that of a legitimate certificate issued by a CA; because the CA signs only the hash, its signature on the legitimate certificate is equally valid for the rogue one. The computation took about two days.

"Our work shows that known weaknesses in the MD5 hash function can be exploited in realistic attack," the researchers wrote in a paper explaining their work. "[D]ue to the fact that even after years of warnings about the lack of security of MD5, some root CAs are still using this broken hash function … The vulnerability we expose is not in the SSL protocol or the web servers and browsers that implement it, but in the Public Key Infrastructure."

A hash function is an operation that ingests an input of any length and outputs a short, fixed-size string, called the hash value. A secure hash function gives no practical way to find a second input that produces the same hash value, which is why a digital signature over the hash can stand in for a signature over the whole input. The MD5 algorithm has been shown to fail this property: in 2004, researchers published pairs of different inputs that produce identical 128-bit MD5 hash values. The new work goes further, turning such a collision into a rogue certificate that a real CA effectively signed, one of the first demonstrations that the known MD5 weakness can be exploited against a deployed system.

Although the National Institute of Standards and Technology has advised end-users to move from the MD5 to SHA-1, many commercial CAs still use MD5. The researchers reported that RSA and VeriSign still use MD5 for some of their certificates.

Only certificates whose CA signature was computed with MD5 are exposed. Certificates signed with the stronger SHA-1, SHA-256, SHA-384 or SHA-512 algorithms are not affected by this attack. What matters is the algorithm the issuing CA used to sign, which is recorded in the certificate's own signature-algorithm field, and every certificate in a chain should be checked: a SHA-1 site certificate issued under an MD5-signed intermediate is still exposed.

Microsoft has advised its customers to stop using any certificates that were signed using the MD5 hashing algorithm.
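The check Microsoft recommends is mechanical: read the signature-algorithm field of each certificate in the chain and reject anything signed with MD5. The following Python is an added example written for this article, not code from the researchers or from any vendor; it uses only the standard library, walks the DER encoding of an X.509 certificate to read both the outer `signatureAlgorithm` and the `signature` field inside `tbsCertificate`, and flags MD5 as well as a mismatch between the two (RFC 5280 requires them to agree). The certificates it audits are constructed skeletons built by `build_skeleton_cert`, with a dummy serial number and signature, so it runs offline; in practice you would feed it real DER bytes, for example from `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate(("host", 443)))` or a file exported with `openssl x509 -outform DER`. The OID table and the names `audit`, `signature_algorithms` and `build_skeleton_cert` are this example's own.

```python
"""Audit the signature algorithm of DER-encoded X.509 certificates.

Added example (stdlib only), not code from the article or the researchers.
Layout per RFC 5280:
  Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
  AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters }
The sample certificates below are constructed skeletons: valid DER framing
around dummy contents, with no real key or signature.
"""

SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
MD5_SIGNATURES = {"md5WithRSAEncryption"}

SEQUENCE, INTEGER, BIT_STRING, OID, CTX0 = 0x30, 0x02, 0x03, 0x06, 0xA0


def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def decode_oid(body):
    """Decode the content bytes of an OBJECT IDENTIFIER to dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # last base-128 digit of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def algorithm_name(alg_id):
    """alg_id is the content of an AlgorithmIdentifier SEQUENCE."""
    tag, oid_body, _ = read_tlv(alg_id)
    if tag != OID:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    oid = decode_oid(oid_body)
    return SIG_ALG_NAMES.get(oid, oid)


def signature_algorithms(cert_der):
    """Return (inner, outer): tbsCertificate.signature and Certificate.signatureAlgorithm."""
    tag, cert, _ = read_tlv(cert_der)
    if tag != SEQUENCE:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, pos = read_tlv(cert)           # tbsCertificate
    _, outer_alg, _ = read_tlv(cert, pos)  # signatureAlgorithm: what the CA really used
    tag, _, tpos = read_tlv(tbs)           # [0] EXPLICIT version, if present
    if tag == CTX0:
        _, _, tpos = read_tlv(tbs, tpos)   # serialNumber
    _, inner_alg, _ = read_tlv(tbs, tpos)  # tbsCertificate.signature
    return algorithm_name(inner_alg), algorithm_name(outer_alg)


def audit(cert_der):
    """Verdict for one certificate: algorithm name, MD5 flag, inner/outer mismatch."""
    inner, outer = signature_algorithms(cert_der)
    return {"algorithm": outer, "weak": outer in MD5_SIGNATURES, "mismatch": inner != outer}


# --- DER encoders used only to construct the sample certificates -------------
def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def build_skeleton_cert(outer_oid, inner_oid=None):
    """Constructed sample: X.509 framing around dummy tbs contents and signature."""
    def alg(oid):
        return der(SEQUENCE, der(OID, encode_oid(oid)) + b"\x05\x00")  # parameters NULL
    tbs = der(SEQUENCE,
              der(CTX0, der(INTEGER, b"\x02"))       # version v3
              + der(INTEGER, b"\x01")                # serialNumber 1 (dummy)
              + alg(inner_oid or outer_oid))         # tbsCertificate.signature
    signature = der(BIT_STRING, b"\x00" + b"\xaa" * 16)  # 0 unused bits + dummy sig
    return der(SEQUENCE, tbs + alg(outer_oid) + signature)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(audit(build_skeleton_cert(oid)))
```

Run the audit over every certificate the server presents, not just the leaf, and treat a mismatch between the inner and outer algorithm identifiers as a reason to reject on its own; a verifier that trusts the inner field while the CA actually signed with MD5 has been handed exactly the substitution this attack relies on.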

In the paper, the researchers sketched a scenario in which attackers build a phony secure Web site to which users are unsuspectingly redirected from the real one. To end-users the site may look identical to the real site, and when their browsers perform the automatic certificate check, the forged certificate vouches that the phony site is the real one, setting users up to conduct sensitive communications or business transactions with the attackers.

In response to the paper, VeriSign product marketing executive Tim Callan noted that VeriSign had already been phasing out MD5-based certificates, and that the work did not jeopardize any certificates now in place.

"No end entity certificates are affected by this attack. The attack, when it worked, was a potential method for a criminal to create a new, false certificate from scratch. Existing certificates are not targets for this attack," he wrote.

About the Author

Joab Jackson is the chief technology editor of Government Computer News (