The attack presented yesterday at the CCC is very interesting. The researchers were able to predict the serial number by monitoring certificate issuance rates from a Certificate Authority, and use that information to mount a pretext attack against a future issued certificate whereby they generated an Intermediate CA cert with the same MD5 hash as the certificate they would request in the future. (I know that is a little difficult to parse.)
The end result is an ICA that can issue certificates trusted by web browsers for any domain and allow man-in-the-middle attacks against SSL/HTTPS connections. There were apparently a few CAs still using MD5 hashes for verification, but according to the presentation those have been contacted and are converting to another hash algorithm.
This research is another nail in the MD5 coffin and an example of real world exploitation of MD5’s growing weakness. You would be hard pressed to find a legitimate reason to continue using MD5 for any security related verification process, and most technically minded people agree. Even software releases are dual hashing if not switching to other hash algorithms totally. Unfortunately there are some less technical users in fields such as litigation support who do not have the background to understand the weaknesses or the ramifications of these exploits. I’ll have a future post soon with my take on that after another long email thread on the litsupport mailing list concerning this CCC presentation.
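As an added illustration of the "dual hashing" point above (this is example code written for this post, not anything from the researchers or the CAs mentioned): a small download verifier that computes every digest a release manifest lists, but refuses to treat a manifest as valid unless at least one collision-resistant hash is present and matches. The `algo:hexdigest` manifest format and the sample bytes `b"abc"` are constructed for the example; the digests are the standard test-vector values.

```python
import hashlib

# Policy for this example (an assumption, not a standard): digests in STRONG_HASHES
# are acceptable on their own; digests in WEAK_HASHES are still compared when a
# publisher lists them, but a match there is never sufficient by itself.
STRONG_HASHES = {"sha256", "sha384", "sha512"}
WEAK_HASHES = {"md5", "sha1"}


def parse_manifest(text):
    """Parse lines of the form '<algo>:<hexdigest>' into {algo: hexdigest}.

    Unknown algorithm names raise, so a typo in the manifest cannot silently
    cause a check to be skipped.
    """
    manifest = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        algo, _, digest = line.partition(":")
        algo = algo.strip().lower()
        if algo not in STRONG_HASHES | WEAK_HASHES:
            raise ValueError(f"unsupported hash algorithm in manifest: {algo!r}")
        manifest[algo] = digest.strip().lower()
    return manifest


def verify_download(data, manifest):
    """Return (ok, reason).

    ok is True only when every listed digest matches the data AND at least one
    of them is a strong hash. A manifest carrying only MD5 or SHA-1 is refused
    outright: a match against those no longer proves the bytes are the ones the
    publisher hashed, since an attacker can produce a second input with the
    same digest.
    """
    if not any(algo in STRONG_HASHES for algo in manifest):
        return False, "manifest lists no collision-resistant hash (MD5/SHA-1 only)"
    for algo, expected in manifest.items():
        actual = hashlib.new(algo, data).hexdigest()
        if actual != expected:
            return False, f"{algo} mismatch: expected {expected}, got {actual}"
    return True, "all listed digests match, including a strong hash"


# Constructed sample input: the bytes b"abc" and their well-known test-vector digests.
SAMPLE = b"abc"
SAMPLE_MANIFEST = """
# release hashes (constructed example)
md5:900150983cd24fb0d6963f7d28e17f72
sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
"""

if __name__ == "__main__":
    ok, why = verify_download(SAMPLE, parse_manifest(SAMPLE_MANIFEST))
    print(ok, why)
    # An MD5-only manifest is rejected even though the digest itself matches.
    print(verify_download(SAMPLE, {"md5": "900150983cd24fb0d6963f7d28e17f72"}))
```

The design choice worth noting is that the MD5 line is not ignored: if a publisher still prints it, a mismatch there is still a red flag, but a match contributes nothing to the accept decision. That is the posture the post argues for, and it is the one a verification step in a litigation-support or release pipeline should adopt.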
For those interested, the slides can be found at