This is serious. Very serious.
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.
Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 “collision”. Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.
This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.
The infrastructure of Certification Authorities is meant to prevent exactly this type of attack. Our work shows that known weaknesses in the MD5 hash function can be exploited in a realistic attack, due to the fact that even after years of warnings about the lack of security of MD5, some root CAs are still using this broken hash function.
Co-authored by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger
Further details:
- Detailed explanation
- Slides from the 25c3 presentation
- Demo site (set your system date to August 2004 before clicking)
Colliding certificates:
This work was presented at the 25th Chaos Communication Congress in Berlin on December 30, 2008.
What does it mean?
Until now, if you wanted to know whether a site (a bank, a shop, etc.) was authentic, you could look at its digital certificate when the connection was over SSL (https://). From now on, that might be worth nothing.
In short, a golden age of phishing. Well, the experts say it is not that bad. See the articles at Securosis and Layer 8 calling for calm and good sense.
2 responses to “Collisions and certificates”

Well, I liked Layer 8's angle: “whoever wasn't going to be careful before will carry on not being careful now”.
For really important things (banks, email and the like) I always go in from a bookmark (favorite); it would never occur to me to get there through a link I found on some random website. The biggest possible risk is a misspelling of the full URL, but even so I always re-read the address before sending any data.
P.S. This is what I do 90% of the time; we all know that we often don't follow our own security advice.
Well, apparently it only happens with some CAs that issue certificates using MD5, so worst case, those providers get taken off the lists of “trusted” certificates, right?
http://www.win.tue.nl/hashclash/rogue-ca/#sec5
What amazes me is that they keep using that algorithm when they know full well it has been superseded. The Layer 8 piece seems fine to me, but it may play down the issue too much. I think it is serious, although not critical.