Using PS3's To Forge Site Certificates - Verisign discontinues flawed MD5 certificates
Links: home · search · speed test · login · more ·
Using PS3's To Forge Site Certificates
Verisign discontinues flawed MD5 certificates
(old news - 09:02AM Friday Jan 02 2009)
tags: security · software · networking
Tipped by KeysCapt
User KeysCapt writes in: "Researchers using 200 PlayStation 3's, a sophisticated attack on the ailing MD5 hash algorithm, and a slip-up by Verisign claim to have found a method of hacking any website, in the interest of improving web security. As a result Verisign says it's stopped using MD5, as of around noon Pacific time December 30. "We're disappointed that these researchers did not share their results with us earlier," writes Verisign's Tim Callan, "but we're happy to report that we have completely mitigated this attack."

Some additional discussion of this can be found in our security forum. Princeton Professor Ed Felten has a good layman's explanation of what the discovery means. Resident security expert Steve Friedl offers up his guide to cryptographic hashes. The actual research note can be found here, while a response by Verisign's Tim Callan can be found here.

Related:
  1. An Internet Immune System
  2. Want To Work On Tor?
  3. Wesley Clark: P2P a National Security Threat
  4. Tuesday Evening Links
  5. Wednesday Evening Links
  6. FoxNews.com Serving Up Infected Ads?
  7. Uh, Mom? The Air Force Just Attacked Our PC
  8. Google Starts Discussion About Speeding Things Up
Links: New Topic
Forums »

espaeth @ 2nd Jan 09:07AM:
For those wondering "Why Playstation 3s?"

There's a nice overview here: »people.csail.mit.edu/tromer/slid···rump.pdf
reply
TSI Gabe @ 2nd Jan 09:13AM:
Re: For those wondering "Why Playstation 3s?"

Yeah I've coded an MD5 algo myself for the PS3 and it does 80 million hashes per second.

This may not look like a lot, but its just about as much as a very expensive Xeon server so your bang for the buck is quite real.
reply
MxxCon @ 2nd Jan 10:59AM:
KARL, YOU ARE WRONG.

how can you post a story without even reading it?!
THEY NEVER SAID THEY "have found a method of hacking any website".

what they did say was that they "found a way to forge certain digital certificates"

THAT'S A HUGE DIFFERENCE.

your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"

KARL, STOP SPREADING FUD!

--
Check out my awesome city of MxxTopia »mxxtopia.myminicity.com/ind or »mxxtopia.myminicity.com (the more people visit, the bigger it is)
reply
Cheese @ 2nd Jan 11:17AM:
Re: KARL, YOU ARE WRONG.

said by MxxCon :

how can you post a story without even reading it?!
THEY NEVER SAID THEY "have found a method of hacking any website".

what they did say was that they "found a way to forge certain digital certificates"

THAT'S A HUGE DIFFERENCE.

your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"

KARL, STOP SPREADING FUD!

And the article says CLAIM, not they they DID, can YOU read?
reply
MxxCon @ 2nd Jan 11:28AM:
Re: KARL, YOU ARE WRONG.

they never CLAIMED to have found a method of hacking any website either.
reply
rdmiller @ 2nd Jan 12:39PM:
Not news

The flaw is in the process of issuing new MD5 certificates. If no one is issuing new MD5s, this is not a problem.
reply
Steve @ 2nd Jan 01:03PM:
Re: For those wondering "Why Playstation 3s?"

said by TSI Gabe :

Yeah I've coded an MD5 algo myself for the PS3 and it does 80 million hashes per second.
What ever happened to 30 billion hashes per second?
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site
reply
beaups @ 2nd Jan 02:36PM:
Re: For those wondering "Why Playstation 3s?"

lol I was just wondering the same thing
reply
TSI Gabe @ 2nd Jan 02:53PM:
Re: For those wondering "Why Playstation 3s?"

That was the C compiler optimizing my code into doing nothing quite literally. Sometimes those C optimizations don't really help...
reply
Steve @ 2nd Jan 02:59PM:
Re: For those wondering "Why Playstation 3s?"

said by TSI Gabe :

That was the C compiler optimizing my code into doing nothing quite literally. Sometimes those C optimizations don't really help...
It's far more likely that your optimizer found a bug in your code than you found a bug in the optimizer.

The problem with compilers is that they do exactly what you ask them too bad women and children won't follow that example ;-)

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site
reply
k1ll3rdr4g0n @ 2nd Jan 03:34PM:
Re: KARL, YOU ARE WRONG.

said by MxxCon :

how can you post a story without even reading it?!
THEY NEVER SAID THEY "have found a method of hacking any website".

what they did say was that they "found a way to forge certain digital certificates"

THAT'S A HUGE DIFFERENCE.

your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"

KARL, STOP SPREADING FUD!

I have to agree with you. Though they claim its just a "proof-of-concept" aka POC or Piece o' cr4p. I love how people always go "omgz its a new exploitz, lets all freak out" - and never actually demonstrates that it works. I mean what the hell people, so if I sat there and said that I found a "POC" exploit for Linux servers would you all jump out of your chair and go "I'm switching to Windows Server". I hope not (assuming I could explain exactly how it worked).

And actually this is partly the browsers fault, and the HTTPS scheme as a whole. I mean I just find the whole idea of *paying* for security a little unsecure. CA's don't maintain SSL, so why should we shell out $$$ to them? But, whatever, back to the point at hand. So lets point out the browser: its stupid. It wont tell you *what* CA verified (unless you manually look) the cert, just that its good; wait...so a cert from ABC company is as valid of a cert from verisign? Uhhh...I see something wrong with that myself but regardless.

I actually did see that a long time ago that 2 (chinese?) people claimed to have "broken" the MD5 algorithm (they claimed they were able to determine collisions or something like that...). They never posted any evidence, just that they broke it. Here it is, what a couple years later, I haven't seen a story on how MD5 is really broken, have you? What makes that even more of a laugh is that MD5 isn't an encryption, its just a hash algorithm. What makes THIS story a laugh too is that MD6 was talked about a long time and seems to be available for your greedy downloading hands.
My question I propose to you:
If MD6 is available, why not use THAT in certificates instead of MD5? After all, don't we trust in CA's to keep our sites and data secure and encrypted? I know I sure don't for my own sites/services (you might be like "wtf?", but I am coming with a solution to that).

In my conclusion, its merely just a response to increase of technology. Its like saying you can find the prime numbers to a 20 digit (I don't know, some obscene number) composite number in a matter of seconds on a quad core, with 64bit os with 4GBs of RAM. Yeah, its defiantly going to make that large number look like nothing on modern technology, but when the number was put out there - the technology at the time couldn't handle it. So - there's nothing to see here, move along.
reply
R4M0N @ 2nd Jan 04:06PM:
Congratulations

This is the first site I regularly frequent where this topic did not turn into a fanboy bash-fest about the virtues/flaws of the PS3.

There's still hope for geek humanity. :D
reply
TSI Gabe @ 2nd Jan 04:09PM:
Re: For those wondering "Why Playstation 3s?"

No Actually removing a printf simply displaying the value being calculated completely removed the md5 function from the code.
reply
Steve @ 2nd Jan 04:28PM:
Re: For those wondering "Why Playstation 3s?"

said by TSI Gabe :

No Actually removing a printf simply displaying the value being calculated completely removed the md5 function from the code.
The compiler did what it was supposed to do: if you were calling a function that had no side effects, it knew that it could eliminate the call without having any effect on correct operation. It was right.

Benchmarking is a known science; calling your operation in a way that insists on a side effect (as I'm sure you found) lets you get the effect you want.

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site
reply
KeysCapt @ 2nd Jan 05:04PM:
Not Karl's Fault

That isn't Karl's fault ... if there are any inaccuracies, I'm the one who provided the info from the Wired.com article. It states, "A powerful digital certificate that can be used to forge the identity of any website on the internet is in the hands of in international band of security researchers, thanks to a sophisticated attack on the ailing MD5 hash algorithm, a slip-up by Verisign, and about 200 PlayStation 3s." Their original blog pointer to the story, now gone, included the "we can hack anything" suggestion.
reply
sporkme @ 2nd Jan 08:29PM:
Re: KARL, YOU ARE WRONG.

said by k1ll3rdr4g0n :

[
If MD6 is available, why not use THAT in certificates instead of MD5?
Hell, why not just turn it all the way up to MD11???
reply
sporkme @ 2nd Jan 08:36PM:
Anyone get a replacement cert?

I emailed RapidSSL support about this the day it was published and heard nothing. Now I see official press releases indicating that they will re-issue MD5-signed certs, but no mention of this on the RapidSSL site and no response from support.

Anyone found any more info on getting a reissue?
--
with every mistake we must surely be learning
reply
Kearnstd @ 3rd Jan 09:30AM:
Re: For those wondering "Why Playstation 3s?"

PS3s really are being used in ways that Sony never intended lol. how long till DARPA builds a supercomputer of 5000 PS3 CPUs lol.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC