A look at the CA Cert hack

Date January 7, 2009

I may be a little late on this, and not one of the first to post, but having time to watch others comment on the recent hack where researchers were able to create a rogue, correctly signed CA certificate really does help get some perspective on the issue(s).

First up, many of the initial posts I saw claimed the sky was falling.  It seems that 2008 was the year where every single disclosure "broke" the internet.  Well, 2009 is here and everything seems to be working well for me! 

After reading the details about the hack, it’s certainly impressive and a nice demonstration.  Thing is, we’ve known about this specific hack since 2007!  That’s right, this is an actual proof-of-concept for a theoretical attack that was discussed (in some detail – see the researchers’ paper for links) nearly 2 years ago.  CAs changed to using SHA1 (we’ve actually known MD5 wasn’t a great hashing algorithm since 2004), and everything was good.

Or perhaps not.  Netcraft’s research shows that 14% of the certs out on the internet use MD5.   I’m not totally sure of this value (and I’m not paying £1200 to see the details of the report) as a cert can be signed with both MD5 and SHA1, but it’s still quite a large percentage.  Seems clear that for some to change, we need an actual exploit rather than just being told something is vulnerable.

The extent of the hack is pretty widespread.  Even though it targeted one CA and their cert creation process, the fact is that once you have a CA cert any other cert can be signed and "trusted" by browsers (even certs that are not chained to that CA, so therefore any site on the net can be forged).  This means that for a man-in-the-middle attack, everything would look good to the end user.  How much is this hack being used?  Well, we have no way of knowing, although it’s doubtful it’s in large circulation by the blackhats – the attack is quite sophisticated, and requires quite a financial commitment.

Microsoft and Mozilla have commented on the issue, and it’s interesting that they talk about EV Certs.  This is all well and good, but I don’t think that this is a mitigation strategy (EV certs have to use SHA1, and therefore are not subject to this hack) – far too often are certs broken for some reason or the other, and users just click through any warnings they get.  Therefore, in a lot of cases, a correctly signed cert, rogue or not, doesn’t even matter!

So, this was seriously interesting research, but rather than the hack itself what is interesting to me is how it’s taken until now for a known, potentially high-risk issue to be addressed.  I guess the "if it’s not broken (well, not too broken at least) don’t fix it" is alive and well :)

I read a lot of posts before writing this (that I haven’t linked to above), so thanks to the following not only for these specific posts, but for the great work they have been putting in making interesting content to read over the past year.

http://blog.phishme.com/2008/12/more-than-one-way-to-skin-a-ca/
http://www.gnucitizen.org/blog/thoughts-on-the-certificate-authority-attack-presented-at-ccc/
http://securosis.com/2008/12/30/what-average-users-need-to-know-about-the-sslroot-certificate-authority-exploit/
http://spiresecurity.typepad.com/spire_security_viewpoint/2009/01/should-verisign-sue-sotirov-appelbaum.html
http://www.veracode.com/blog/2008/12/major-break-in-md5-signed-x509-certificates/


