[110309] in North American Network Operators' Group


RE: Security team successfully cracks SSL using 200 PS3's and MD5

daemon@ATHENA.MIT.EDU (Skywing)
Fri Jan 2 16:19:42 2009

From: Skywing <Skywing@valhallalegends.com>
To: Deepak Jain <deepak@ai.net>, "Steven M. Bellovin" <smb@cs.columbia.edu>
Date: Fri, 2 Jan 2009 15:19:19 -0600
In-Reply-To: <D338D1613B32624285BB321A5CF3DB250C8BAEFE61@ginga.ai.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

For IE and other things using CryptoAPI on Windows, this should be handled
through the automagic root certificate update through Windows Update (if one
hasn't disabled it), AFAIK.

The question is really whether that mechanism requires a cert rooted at a
Microsoft authority or not.  The danger being that someone could use an
intermediate CA rooted at an md5-signing CA and present a seemingly valid cert
through that with the right common name.

Some other Microsoft things (i.e. KMCS) require certs rooted to a single
specific root and not just *any* global root, so it's possible that the same
is done for root certificate update blobs; however, I don't know for certain,
and some research would need to be done.  I don't think any of the MS issuing
roots use md5, though.

- S

-----Original Message-----
From: Deepak Jain [mailto:deepak@ai.net]
Sent: Friday, January 02, 2009 4:14 PM
To: Steven M. Bellovin
Cc: NANOG
Subject: RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

> If done properly, that's actually an easier task: you build the update
> key into the browser.  When it pulls in an update, it verifies that it
> was signed with the proper key.
>

If you build it into the browser, how do you revoke it when someone throws
2000 PS3s to crack it, or your hash, or your [pick algorithmic mistake here].

Deepak
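
The two trust policies discussed in this thread (accepting a chain to *any* global root versus a single specific root, plus rejecting MD5-signed links), as an added example that is not from either poster or from Microsoft's code. The chain records, names and `check_chain` are constructed for illustration, and signature verification itself is assumed to happen elsewhere.

```python
# Added illustration: chain records are constructed, not parsed from real certs.
WEAK_HASHES = {"md2", "md5"}

def check_chain(chain, trusted_roots, pinned_root=None, reject_weak=True):
    """Return policy failures for a chain given leaf first, root last.

    chain:         dicts with 'subject', 'issuer', 'sig_hash'
    trusted_roots: subjects of every root in the global store
    pinned_root:   if set, the only root subject accepted
    reject_weak:   refuse weak-hash signatures on non-root certs
    """
    failures = []
    # Every certificate must name the next one up as its issuer.
    for child, parent in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            failures.append(f"broken link: {child['subject']} -> {parent['subject']}")
    root = chain[-1]
    if root["issuer"] != root["subject"] or root["subject"] not in trusted_roots:
        failures.append(f"untrusted root: {root['subject']}")
    # Pinning: membership in the global store is not enough.
    if pinned_root is not None and root["subject"] != pinned_root:
        failures.append(f"root is not the pinned root: {root['subject']}")
    # A root is trusted by presence in the store, not by its self-signature,
    # so only leaf and intermediate signatures are checked for weak hashes.
    if reject_weak:
        for cert in chain[:-1]:
            if cert["sig_hash"].lower() in WEAK_HASHES:
                failures.append(
                    f"weak signature hash {cert['sig_hash']} on {cert['subject']}")
    return failures

# Constructed sample data (all names hypothetical).
TRUSTED = {"Example Global Root", "Example Update Root"}
FORGED = [  # intermediate carries an MD5 signature from a global root
    {"subject": "update.example.test", "issuer": "Rogue Intermediate", "sig_hash": "sha1"},
    {"subject": "Rogue Intermediate", "issuer": "Example Global Root", "sig_hash": "md5"},
    {"subject": "Example Global Root", "issuer": "Example Global Root", "sig_hash": "md5"},
]
GENUINE = [
    {"subject": "update.example.test", "issuer": "Example Update Root", "sig_hash": "sha1"},
    {"subject": "Example Update Root", "issuer": "Example Update Root", "sig_hash": "sha1"},
]
```

With neither pinning nor the hash check, the constructed `FORGED` chain passes; either control alone rejects it, and `GENUINE` passes both.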


