
SSL certificates and MD5 collisions

Posted Jan 23, 2009 15:07 UTC (Fri) by forthy (guest, #1525)
Parent article: SSL certificates and MD5 collisions

There are large numbers of such certificates in use today, so browsers cannot just stop accepting them.

Of course they can, and they should. Well, "stop accepting" is a bit strong anyway, since you can user-override insecure certificates. What they should do is provide an appropriate warning, e.g. orange. It's not completely broken (like red), but when looking for the details, the browser should warn about the outdated certificate hash algorithm.

ObCryptology: All these certificates are broken, including the SHA-1 ones. SHA-1 is an insecure hash key, even though you need way more computing power, or at least a much longer document than an SSL certificate. But wait a few years, and a campus-scale cluster of GPGPUs can crack SHA-1 in weeks. One thing to learn about digital signatures is that you should never just sign a hash. Use salted hashes for signatures (salt: random stuff injected into the hash generation). An unsalted hash with n bits has only the strength of max n/2 bits; a salted hash (salt = n bits) gains full strength. A certificate signed by several parties, each using a different salt, has even more strength.
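
The n/2-bit argument in the comment above can be checked at toy scale. The following is an added example, not part of the original comment: it assumes a 24-bit hash (SHA-256 truncated, so the search finishes quickly), finds a collision between two document families with a birthday search, then tests whether that pair still collides once a salt is prepended after the documents are fixed. All names and document strings are constructed.

```python
import hashlib
import os

BITS = 24  # toy digest size n (assumption: small enough to search in well under a second)

def toy_hash(data: bytes, salt: bytes = b"") -> int:
    """SHA-256(salt || data), truncated to the top BITS bits."""
    digest = hashlib.sha256(salt + data).digest()
    return int.from_bytes(digest, "big") >> (256 - BITS)

def find_collision(doc_a: bytes, doc_b: bytes):
    """Birthday search over variants of two documents under the unsalted hash.

    Returns (variant_a, variant_b, hashes_computed).
    """
    table = {}
    n_variants = 2 ** (BITS // 2 + 1)          # about 2^(n/2) variants of doc_a
    for i in range(n_variants):
        variant = doc_a + b" #%d" % i
        table[toy_hash(variant)] = variant
    work = n_variants
    j = 0
    while True:                                 # try variants of doc_b until one matches
        variant = doc_b + b" #%d" % j
        work += 1
        match = table.get(toy_hash(variant))
        if match is not None:
            return match, variant, work
        j += 1

def collides_under_salt(a: bytes, b: bytes, salt: bytes) -> bool:
    """True if the pair still collides when the signer prepends `salt`."""
    return toy_hash(a, salt) == toy_hash(b, salt)

if __name__ == "__main__":
    a, b, work = find_collision(b"benign document", b"different document")
    print("collision after", work, "hashes; brute force would need about", 2 ** BITS)
    # The signer picks the salt only after being handed the document, so the
    # precomputed pair has to collide again by chance (probability 2^-BITS).
    salt = os.urandom(BITS // 8)
    print("still collides under fresh salt:", collides_under_salt(a, b, salt))
```

The salt has to be unpredictable to whoever prepares the documents and must travel with the signature so that verifiers can recompute the hash.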
