Friday, January 2, 2009

MD5 actually harmful

You probably shouldn't take any other view of this vulnerability into consideration. Some amazing research and dedication went into proving this vulnerability is realistic and viable. You should note that detection of it is not really feasible; the bad certs look exactly like valid ones. The fact that a site you frequent doesn't currently use an MD5 summed cert is irrelevant. In my opinion, the best way to protect against this attack is to utilize a browser plugin which would store the cert for every site you visit and alert you when it's changed, much in the same way ssh does. If you're interested in knowing when you've been sent a cert that's MD5 summed, you can use this quick and dirty snort rule:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY Weak SSL OCSP response -- MD5 usage"; content:"content-type: application/ocsp-response"; nocase; content:"|2A 86 48 86 F7 0D 01 01 04|"; metadata: policy security-ips drop, service http; reference: url, www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation; sid:1000001;)

It won't actually traverse the ASN.1 properly, but the md5WithRSAEncryption ASN.1 identifier is unique enough within the OCSP protocol that it shouldn't false-positive on you. Note that this will only show you when you've gotten an MD5'd cert; the responsibility for deciding whether or not it's valid is on you. In my quick checking, none of the SSL sites I use for banking, searching, email, or even gaming used MD5'd certs, so if the rule goes off before you check your checking account, you may want to think twice.
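To show where the nine bytes in the rule come from, here is an added example (not part of the original post) that DER-encodes the md5WithRSAEncryption OID, 1.2.840.113549.1.1.4, and searches a buffer for it. It is slightly stricter than the rule because it also requires the OBJECT IDENTIFIER tag and length in front of the bytes; the function names and sample buffers are constructed for illustration.

```python
# Added example (not from the original post); sample bytes are constructed.
MD5_WITH_RSA = "1.2.840.113549.1.1.4"   # md5WithRSAEncryption (PKCS #1)

def encode_oid(dotted):
    """Return the DER content octets of an OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    out = bytearray()
    # The first two arcs share one subidentifier: 40 * arc1 + arc2.
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]                   # last octet: high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))  # earlier octets: high bit set
            value >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def find_oid(payload, dotted):
    """Offsets where the OID occurs as a whole TLV: tag 0x06, length, content."""
    body = encode_oid(dotted)
    if len(body) > 127:
        raise ValueError("long-form DER lengths are not handled here")
    needle = bytes([0x06, len(body)]) + body
    hits, pos = [], payload.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = payload.find(needle, pos + 1)
    return hits

# Constructed AlgorithmIdentifier: SEQUENCE { OID md5WithRSAEncryption, NULL }
ALG_MD5 = bytes.fromhex("300d06092a864886f70d0101040500")
# Constructed AlgorithmIdentifier for sha1WithRSAEncryption (1.2.840.113549.1.1.5)
ALG_SHA1 = bytes.fromhex("300d06092a864886f70d0101050500")
# Constructed noise: the nine content bytes with no OID tag/length in front
BARE = b"\x00\x00" + bytes.fromhex("2a864886f70d010104")

if __name__ == "__main__":
    print(encode_oid(MD5_WITH_RSA).hex(" ").upper())
    for name, buf in (("md5", ALG_MD5), ("sha1", ALG_SHA1), ("bare", BARE)):
        print(name, find_oid(buf, MD5_WITH_RSA))
```

The BARE buffer is the case where a raw byte match on the nine bytes fires but the tag-and-length check does not.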
