As many of you would know, a paper was presented at the 25th Chaos Computer Conference in Germany last week (27th to 30th December) providing details on a practical (and demonstrable) implementation of MD5 collisions to produce false SSL certificates. The details on this attack, and the presentation that was made, can be found here:

http://www.win.tue.nl/hashclash/rogue-ca/
http://www.win.tue.nl/hashclash/rogue-ca/downloads/md5-collisions-1.0.pdf

For those of you who just want the condensed version, summarised details are provided below. This text is copied from the following location:
http://www.withamlabs.com/component/content/article/226-fake-ca-cert-produced-using-md5-collision.html

This new paper is based on the previous research into MD5 collisions, and specifically utilises the research for chosen prefix collisions. A 'chosen prefix' collision is where the start of each pre-image - that is the data to be signed - can be arbitrarily chosen by the attacker, so that two sets of data to be signed can have different beginnings, but still produce the same MD5 hash output.

The production of this identical MD5 output is due to the insertion of a string of 'collision bits' within each of the two data sets, that essentially forces the intermediate MD5 calculations at this point to the same value. Therefore, after the processing of the 'collision bits' within the MD5 algorithm, as long as all other parts of the two data sets are the same, the MD5 hash output will be identical for both data sets.

So, in the context of this research, the researchers chose two certificates with two different beginnings - one for an innocuous end use website, and one for a mid level Certificate Authority (CA) - and then calculated the 'collision bits' that would make these two certificates produce the same MD5 hash.

The final part of the puzzle is that the researchers found a CA that was issuing certificates with incrementing serial numbers - that is, each certificate issued would have a serial number +1 from the last issued certificate. This is important because the certificate serial number is contained at the start of the certificate, and therefore must be known for both certificates before the 'collision bits' can be calculated (ie the serial number is part of the certificate 'prefix').

So, putting it all together, the researchers requested a certificate to be signed from the CA, and noted the serial number 'S'. They then calculated the 'collision bits' for the innocuous certificate (created earlier) with a serial number 'S' + 1000, and the bogus CA certificate (also produced earlier). The calculations took around 2 days on a cluster of 200 PS3 consoles.

Once they had the 'collision bits', they were then inserted into the two certificates, resulting in the fact that an MD5 calculation across either certificate would produce the same hash output, even though the two certificates had different contents. The researchers then moved on to gain signatures across these colliding certificates.

The certificate serial number issued by the CA was incremented to 'S' + 999 (ie one less than 'S' + 1000) by issuing repeated certificate signing requests. With the serial number set at the correct value, the innocuous certificate was sent to the CA for signing. At this point, the same signature is transfered onto their bogus CA certificate, creating a fake CA certificate which could be used to validate the signature (they created) on any other (arbitrary and malicious) certificate.

To be clear, the CA certificate produced by the researchers would be accepted by any browser because it is signed by a trusted root CA. Therefore, any end use website certificate signed by this bogus CA certificate would be accepted.

This was demonstrated in practice at the Chaos Computer Conference by having people in the audience connect to any arbitrary SSL website, the researchers has set up a system that would intercept the HTTPS request and return a malicious certificate (signed by their CA) which was accepted by the browser.

This is a text book example of a Man-In-The-Middle attack, and because it the researchers are this Man-In-The-Middle using their CA to sign malicious certs, the hash algorithm, key length or ciphersuite of the end connection website does not matter. Ensuring that your cert does not use MD5 will not protect you against this type of attack.


Now, this is a perfect example of why MD5 is not acceptable for use in secure systems. It is also a perfect example of why PCI does not accept the use of MD5 hashes in any of its standards.

It should be noted that this attack is not a 'pre-image' attack on MD5 - that is, it does not recover the plaintext from an MD5 hash. As it requires the attacker to choose the start of both datasets to create the collision, it is also not an attack that could create collisions in hashed password files, to allow for the calculation of a 'collision password' that would be considered as the same as the one registered by the valid user.

While the whole process is very interesting, I think the most disconcerting thing was that it was all done using a whole bunch of PS3s as the 'supercomputer' complex.

If they can deconstruct an MD5 hash with such a contraption, how will something like 3DES stand up? I'm guessing that if this group wants another target, it will attack 3DES. NIST has been warning for years to migrate away from 3DES as it was just a matter of time before it was compromised. It's possible that finally 3DES's time has come.

Even the best attacks on (112 bit key) 3DES (that don't attack the protocol, rather than the algorithm) require considerably more effort than finding collisions in MD5. Off the top of my head, the work effort required for MD5 is around 2^40 calculations, whereas the best attack on 3DES (which is impractical against most systems, due to an excessive number of plaintext/ciphertext pairs required) is 2^80.

Therefore, 3DES has an addition work effort of 2^40 - put another way, all things being equal, if finding MD5 collisions takes a day, then it would take 2^40 days (which is 1099511627776 days, or around 3 billion years) to crack 3DES.

That is not to say I don't think we shouldn't migrate away from 3DES; NIST SP 800 57 recommends that 112 bit 3DES is only used to secure data until only 2010 (although 168 bit 3DES can be used to secure data until 2030). However, there are often problems moving from 3DES to AES, due to block length (3DES has a 64 bit block length, and AES has a 128 bit block length).

The place where this is most obvious is in encrypted PIN blocks. These are designed to be 64 bits long, and the financial messages that carry these encrypted PIN blocks are designed to accomodate only 64 bits in this field.

Standards bodies are now working on how to accomodate AES encrypted PIN blocks, but if you had any visibility into how long it took to change from single to triple DES (which did not affect block length), then you can understand how long the change to AES is likely to take.

While I agree with your analysis, what has always worried NIST is that the keys used by most end-users are not very strong. And given my experience with my customers, I would have to agree with NIST's analysis. And while the keys generated are likely longer than 112-bits, because they are 'lame' keys, they are readily crackable with only your 2^40 calculations or less.

And while bad keys create problems with any encryption system, NIST has always been concerned about 3DES just because it was seen as the next most likely target since it's based on DES and DES had already been cracked. And since the DES cracking code has been in the public domain for years, it's easy to get a hold of and modify for the PS3 complex to tackle 3DES.

That's not to say that someone might go after AES or Twofish, it's just more likely to go after 3DES. And who knows, like the flaws in MD5 that turned up a couple of years back, these 'researchers' might find flaws in 3DES as they go about their business.