SSL certificates and MD5 collisions
Posted Jan 23, 2009 15:07 UTC (Fri) by forthy
Parent article: SSL certificates and MD5 collisions
There are large numbers of such certificates in use today, so
browsers cannot just stop accepting them.
Of course they can, and they should. Well, "stop accepting" is a bit
strong, anyway, since the user can override insecure certificates. What
they should do is provide an appropriate warning, e.g. orange. It's not
completely broken (like red), but when looking for the details, the
browser should warn about the outdated certificate hash algorithm.
ObCryptology: All these certificates are broken, including the SHA-1
ones. SHA-1 is an insecure hash key, even though you need way more
computing power, or at least a much longer document than an SSL
certificate. But wait a few years, and a campus-scale cluster of GPGPUs
can crack SHA-1 in weeks. One thing to learn about digital signatures is
that you should never just sign a hash. Use salted hashes for signatures
(salt: random stuff injected into the hash generation). An unsalted hash
with n bits has only the strength of max n/2 bits; a salted hash (salt = n
bits) gains full strength. A certificate signed by several parties, each
using a different salt, has even more strength.
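As an added illustration of the "never just sign a hash" point above (this is example code written for this page, not code from the commenter or from any browser or CA): the two 128-byte messages below are the published Wang et al. MD5 collision pair. A signature over the bare MD5 of one message verifies the other, because the signature never sees the bytes that differ. If the signer instead prepends a salt of its own choosing before hashing, the precomputed collision no longer lines up and the transfer fails. The "signature" here is an HMAC under a placeholder signer key, standing in for the CA's RSA or ECDSA signature; the function and key names are this example's own.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Published MD5 collision pair (Wang et al.): two 128-byte messages that
# differ in six bytes yet share the digest 79054025255fb1a26e4bc422aef54eb4.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Placeholder for the signer's private key (assumption for this example).
SIGNER_KEY = b"example-ca-signing-key"


def _sign(data: bytes) -> bytes:
    # Stand-in signature: an HMAC keyed by the signer. A real CA would apply
    # RSA/ECDSA here; all that matters below is that the signature binds `data`.
    return hmac.new(SIGNER_KEY, data, hashlib.sha256).digest()


def plain_hashes_collide(a: bytes = MSG_A, b: bytes = MSG_B) -> bool:
    """Sanity check: distinct inputs, identical MD5 digests."""
    return a != b and hashlib.md5(a).digest() == hashlib.md5(b).digest()


def collision_survives_suffix(suffix: bytes) -> bool:
    """Merkle-Damgard: after two colliding full blocks the chaining state is
    equal, so any common suffix keeps the collision. Appending a salt at the
    end therefore helps nothing; it has to go in front."""
    return hashlib.md5(MSG_A + suffix).digest() == hashlib.md5(MSG_B + suffix).digest()


def sign_plain(message: bytes) -> bytes:
    """Classic scheme: sign the bare hash of the message."""
    return _sign(hashlib.md5(message).digest())


def verify_plain(message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(_sign(hashlib.md5(message).digest()), sig)


def sign_salted(message: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Randomised hashing: the signer picks a fresh salt, hashes salt||message,
    and the signature covers the salt and that hash. The salt is returned so
    it can be shipped alongside the signature for verification."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.md5(salt + message).digest()
    return salt, _sign(salt + digest)


def verify_salted(message: bytes, salt: bytes, sig: bytes) -> bool:
    digest = hashlib.md5(salt + message).digest()
    return hmac.compare_digest(_sign(salt + digest), sig)


def collision_transfers_plain() -> bool:
    """Does a plain-hash signature issued for MSG_A also verify MSG_B?"""
    sig = sign_plain(MSG_A)
    return verify_plain(MSG_B, sig)


def collision_transfers_salted(salt: bytes = b"\x00" * 16) -> bool:
    """Same question when the signer prepends a salt the attacker did not
    know while building the collision pair."""
    salt, sig = sign_salted(MSG_A, salt)
    return verify_salted(MSG_B, salt, sig)


if __name__ == "__main__":
    print("MD5(MSG_A) == MD5(MSG_B):", plain_hashes_collide())
    print("collision survives common suffix:", collision_survives_suffix(b"tail"))
    print("plain signature transfers to MSG_B:", collision_transfers_plain())
    print("salted signature transfers to MSG_B:", collision_transfers_salted())
```

Two caveats a practitioner should keep in mind. First, the salt only helps if the signer chooses it and the attacker cannot predict it before submitting the data to be signed; a salt that comes from the request, or a predictable field playing the salt's role, gives nothing. Second, the salt must be mixed in before the attacker-controlled bytes: as `collision_survives_suffix` shows, anything appended after two colliding blocks still collides, so "salt at the end" is no protection with a Merkle-Damgard hash like MD5 or SHA-1.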