Team for Research in
Ubiquitous Secure Technology

MD5 considered harmful today: Creating a rogue CA certificate
Alex Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David A Molnar, Dag Arne Osvik, Benne de Weger

Citation
Alex Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David A Molnar, Dag Arne Osvik, Benne de Weger. "MD5 considered harmful today: Creating a rogue CA certificate". Talk or presentation, 30, December, 2008; 25th Chaos Communications Congress, Berlin, Germany.

Abstract
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

Citation formats  
  • HTML
    Alex Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra,
    David A Molnar, Dag Arne Osvik, Benne de Weger. <a
    href="http://www.truststc.org/pubs/502.html"
    ><i>MD5 considered harmful today: Creating a rogue
    CA certificate</i></a>, Talk or presentation, 
    30, December, 2008; 25th Chaos Communications Congress,
    Berlin, Germany.
  • Plain text
    Alex Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra,
    David A Molnar, Dag Arne Osvik, Benne de Weger. "MD5
    considered harmful today: Creating a rogue CA
    certificate". Talk or presentation,  30, December,
    2008; 25th Chaos Communications Congress, Berlin, Germany.
  • BibTeX
    @presentation{SotirovStevensAppelbaumLenstraMolnarOsvikdeWeger08_MD5ConsideredHarmfulTodayCreatingRogueCACertificate,
        author = {Alex Sotirov and Marc Stevens and Jacob Appelbaum
                  and Arjen Lenstra and David A Molnar and Dag Arne
                  Osvik and Benne de Weger},
        title = {MD5 considered harmful today: Creating a rogue CA
                  certificate},
        day = {30},
        month = {December},
        year = {2008},
        note = {25th Chaos Communications Congress, Berlin,
                  Germany.},
        abstract = {We have identified a vulnerability in the Internet
                  Public Key Infrastructure (PKI) used to issue
                  digital certificates for secure websites. As a
                  proof of concept we executed a practical attack
                  scenario and successfully created a rogue
                  Certification Authority (CA) certificate trusted
                  by all common web browsers. This certificate
                  allows us to impersonate any website on the
                  Internet, including banking and e-commerce sites
                  secured using the HTTPS protocol. Our attack takes
                  advantage of a weakness in the MD5 cryptographic
                  hash function that allows the construction of
                  different messages with the same MD5 hash. This is
                  known as an MD5 "collision". Previous work on MD5
                  collisions between 2004 and 2007 showed that the
                  use of this hash function in digital signatures
                  can lead to theoretical attack scenarios. Our
                  current work proves that at least one attack
                  scenario can be exploited in practice, thus
                  exposing the security infrastructure of the web to
                  realistic threats.},
        URL = {http://www.truststc.org/pubs/502.html}
    }
    

Posted by David A Molnar on 28 Jan 2009.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.