25C3: MD5 collisions crack CA certificate
Found on Heise on Monday, 29 December 2008
A security research team has used MD5 collision attacks to create a rogue Certificate Authority (CA) certificate. The certificate is trusted by all common web browsers and allows them to impersonate any website on the internet, including HTTPS secured banking and e-commerce sites.
The certificate can also be used to sign other certificates, which could allow attackers to carry out "practically undetectable phishing attacks".
The team found the following CAs still using MD5; RapidSSL, FreeSSL, TC TrustCenter AG, RSA Data Security, Thawte and verisign.co.jp. They collected 30,000 certificates and found 9,000 of them were signed with MD5 and of them, 97 per cent were issued by RapidSSL.
The fact that MD5 is not a trustworthy checksum is known for more than ten years by now. Still using it for crucial and security related purposes is inexcusable. Saying that nobody will go through the hassles of finding a collision ignores the energy the organized crime can release.