Blog Archives

MD5 Collisions: Forged ICA

The attack presented yesterday at the CCC is very interesting. The researchers were able to predict the serial number by monitoring certificate issuance rates from a Certificate Authority, and use that information to mount a pretext attack against a future issued certificate whereby they generated an Intermediate CA cert with the same MD5 hash as the certificate they would request in the future. (I know that is a little difficult to parse.)

Posted in Hacks, Cracks, and Attacks, Hash Algorithms Tagged with: ,

Hashing: Trusting the Black Box

Hash algorithms are widely used for a variety of tasks including verifying data integrity, authenticating passwords, and signing certificates. For the laymen the hash algorithm seems like a magic sausage grinder: dump in whatever you have and out comes a unique number. The trouble is, the internal mechanics of a hash algorithm are less like a simple mechanical machine and more like a Rube-Goldberg device. The internal mechanisms of bit shifting and mathematics would be incomprehensible to most who place blind faith in the algorithm’s ability to generate “unique” numbers.

Posted in Hash Algorithms Tagged with: ,