14% of SSL certificates on the Internet potentially unsafe

Netcraft provided more details on a critical digital certificate vulnerability revealed last week. Although Microsoft downplayed the problem by stating that the successful exploit was not published, Netcraft found that 14% of SSL certificates use the vulnerable MD5 hashing algorithm. That number may provide a large enough target for attackers to invest time into cracking MD5, while certificate authorities will have a choice of using MD5 and hope that it will not be cracked or transitioning to a stronger encryption technology such as SHA-1.
##CONTINUE##
A digital certificate is what we typically rely on as evidence for a secure encryption to another website. Especially when we want connection to be protected, for example during money transactions and online banking, these certificates provide proof that we are in fact dealing with an intended website and not, for example, a phishing attack. However, that may no longer be the case as researchers demonstrated last week that it is possible to create to create a rogue certification authority (CA) that is “trusted by all major web browsers and a cluster of more than 200 commercially available game consoles” by using an advanced implementation of a strategy called collision attack.

Collision attacks aimed at MD5 were first demonstrated in 2004, which created two different messages with the same digital signature. In 2007, collision attacks were advanced and enabled researchers to create virtually any two messages they wanted. With a rogue CA in place, it is clear that any MD5-based certificate on the Internet is vulnerable. But how likely is such an attack and how many MD5 certificates are there on the Internet?

Internet analysis firm Netcraft did some research and discovered that there are currently 135,000 valid third party digital certificates using MD5, which translates into about 14% of all existing certificates on the Internet. The firm found that the “majority of certificates are from RapidSSL (shown as Equifax on the certificate).” All of the 128,000 RapidSSL certificates in use were signed with MD5, Netcraft said. The remaining 7000 vulnerable certificates from Thawte and Verisign, but the analysis firm noted that most of their certificates are signed with the SHA-1 algorithm, which is currently believed to be secure. All other certificates on the Internet use only SHA-1.

“Verisign (owners of RapidSSL since 2006) have stated that they have stopped using MD5-signing for RapidSSL certificates, and will have phased out MD5-signing across all their certificate products by the end of January 2009,” Netcraft wrote. “Other affected CAs are likely to follow suit, as SHA-1 is well established and is already in use for the majority of SSL certificate signing, so it should be simple to switch to using this more secure alternative. Once it is impossible to obtain new certificates signed with MD5, this attack will be neutralized.”

Microsoft recently told its customers that it “is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm.” However, the company said that “this new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information.”

While Microsoft said that it is not aware of any active exploits of the vulnerability and stressed that it is not a Microsoft-specific vulnerability, it advised users to ask their certificate authority “for guidance” and to make sure that trusted connections to web sites use at least Extended Validation (EV) certificates, which “show a green address bar in most modern browsers. These certificates are always signed using SHA-1 and as such are not affected by this newly reported research.”

Netcraft agreed and added that “this shows that requiring minimum standards from the CAs can have positive effects.” However, it also noted that browser vendors will have to “take note” and need to require “similar minimum standards to other certificates.”

-----------------------------
BY Wolfgang Gruener
Source：tgdaily