RealTime IT News

Certificate Flaw May Threaten Secure Web Sites - Page 2


Sotirov and his colleagues said the weakness they discovered in MD5 could allow for transparent man-in-the-middle attacks, in which a hacker connects independently with victims on each end of an electronic conversation, intercepts their messages and replaces them with their own -- so victims believe mistakenly that they are talking directly to each other over a private connection.

VeriSign's Callan said his company had planned to get rid of MD5 in its certificates by the end of January, and added that today's vulnerability report forced it to speed up its plans to overhaul its public key infrastructure, also known as PKI.

"The PKI community has been transitioning away from MD5, but a large-scale PKI system like SSL has hundreds of thousands, if not millions, of people depending on it, so the process of transitioning from it takes years," he said.

He said VeriSign is now using SHA-1 (short for Secure Hash Algorithm) instead of MD5. SHA-1 was developed by the National Security Agency (NSA) in 1993 to replace MD4 and MD5. It was followed by SHA-2. With both versions of SHA also facing threats, however, the U.S. Department of Commerce's National Institute of Standards and Technology has begun encouraging the development of replacements.

Despite the effort to move away from MD5, VeriSign played down the threat.

Christina Rohall, a spokesperson with the company, said in an e-mail that MD5 is trusted only for a relatively low level of security and is used for only a small percentage of the total number of SSL certificates in existence.

In addition to Rapid SSL, five other certification authorities issued certificates signed with MD5 in 2008, according to the researchers' Web site. They are VeriSign itself, FreeSSL, TC TrustCenter, RSA Data Security and Thawte.

However, Paul Kocher, president and chief scientist at cryptography vendor Cryptography Research, said that the number of certificates impacted is not important.

"The disturbing thing about this kind of attack is that it breaks the core trust model SSL relies on," he said. "This is the sort of thing SSL is supposed to protect you against."

Kocher added that an attack based on the researchers' findings would require a lot of power because of their approach, which was relatively complex compared to the ease of cracking MD5 in most cases.

"Attacks against MD5 generally can be done on a laptop in a matter of minutes and breaking MD5 generically is very easy to do," he said.

Tamir Hardof, group manager for product marketing for network security products at security vendor Check Point Software (NASDAQ: CHKP), agreed that secure online sites could hypothetically be affected by the vulnerability uncovered by the researchers, but that their attack is too complicated to be launched readily.

"You'd need a pretty significant amount of work to take advantage of this flaw, and the hacker would need a lot of motivation," he said.

Yet VeriSign's Rohall blasted the team's disclosure of the vulnerability.

"We take an issue like this seriously and are disappointed we were not given the opportunity to learn of the findings before they were made public," she said.

Update adds additional comments from VeriSign and Kocher.