It just makes it easier to bruteforce, because knowing about RapidSSL’s process eliminates some parameters that would otherwise be completely random.

Now that Alexander is responding here, I would like to ask what he suggests for the near future. Since SHA-0/1 hashes have major flaws as well, and I believe that’s still widely used.

For me security and hacking is only about latency, and variations thereof. The trick for criminals is to have short latency, and for security folks it is to have long latency. It’s a nice game but I think it’s critical to realize that indeed the security paradigm cannot exist. That doesn’t mean that security is void, it means that with long latency and addequate response and monitoring on a breach, you can be more secure.

In that case it’s a deserved recognition. Security is and always has been an economics issue, and they surely knew about MD5 collision weakness and denied the fact that MD5 is obsolete, because it would hurt their business model, forgetting that brilliant researchers like yourself will make them regret the choice of dollar signs in their eyes. But maybe not, I don’t think they even care after it went globally, these CA people don’t care about their users safety, they care about dollars.

I wish they were as responsible as automobile manufacturers, when they detect a flaw they recall all models, something that the Internet is still missing: Liability.

I don’t believe in perfect security so no, you cannot 100% trust all CA’s. But the PKI is not built on 100% trust but on reasonable trust (imho). Incidents like the ones above erode that trust towards a level where it might not be reasonable to trust them anymore. Of course ‘reasonable’ has different values for different people :)

Personally I would like to see some actions taken by the browser manufacturers (who include default trusted certs) and the CA’s to beef up that trust. Stricter rules wrt algorithms and processes used should be enforced. Stricter validation and vetting of both CA’s and resellers should be applied.

Oh, and if you don’t trust a CA, feel free to remove their certs from your browser :) (Ff: Tools->Options->Advanced->Encryption->View certificates->Authorities)

Obviously the theoretical attacks on certificate signing presented in 2005 and 2007 were not sufficient to make these companies stop using MD5, so we had to make the theoretical practical and do the attack. I was very pleased that Verisign responded quickly and as of today RapidSSL is no longer issuing MD5 signed certificates.

the way I see it now, self-signed certificates are more secure (from browser prospective). at least with the self-signed certs I can explicitly trust them. and if these trusted certs are changed, well… no worries! the browser will warn you, i think :)

“…How do we know that the CA issuer of certs can be trusted?…”

Obvious answer: we can’t.

Furthermore I know no-one who checks the certs and read them before accepting them, it just a false sense of security for man in the middle attacks if you own one end of the line already. Root a box that sets up a SSL connection and no matter how secure your certs are, MIM won’t be nessesary. Don’t know about you but guess a root password requires less computation than setting up a CA yourself with 300 playstations.

But that might be me, I think to simple.

Other than that, there are plenty of other ways which are easier to perform. Think about shared certs on virtual hosting for example, keys that link all over place without the need for fast computation. Criminals use the path of least resistance, maybe this feat in Cryptography is interesting for governments, my bet is that we won’t see attacks like these on webshops. it totally lacks perspective on the reality of Internet criminals, the term hacking certs is the right one as I see it only as a intellectual accomplishment build upon years of Cryptographic study unnecessary to provide PoC’s because everyone in Cryptography was already in the knowing.

Everyone knew the possible problems without the need for PoC’s. But no one did anything, maybe that’s the news: people start to see the real danger, other than that I’m far from impressed. I wonder if they are in need of funding of some kind, academics with too much spare time with agenda’s beyond my comprehension.

This is not a shoot down, it’s a common sense analysis on something that doesn’t needed a PoC in the first place to scare people away from using certs.