MD5 Hack Interesting, But Not Threatening
Found on SecurityFocus on Sunday, 04 January 2009
Considering that it took the original researchers four tries over at least a month to successfully accomplish their attack against the RapidSSL brand, we're fully confident that no malicious organization had the opportunity to use this information against RapidSSL, or any other certificate authority authorized by VeriSign.
As it happens the most expedient and safest method of mitigating the attack was to switch it out for SHA-1. We had been planning this migration to occur on RapidSSL in January 2009 anyway, so we had a high degree of confidence in accelerating that deployment.
For a migration that's been planned for years, several things are surprising. First of all, the switch to SHA-1, which has already been broken in theory and has not been recommended as a secure hashing algorithm since 2005. Instead, they could have switched to the highest level of the SHA-2 class, SHA-512. Also, VeriSign was able to switch from MD5 to SHA-1 "about four hours later". Impressive for a migration that took years of planning. If it was so complex and scheduled for the end of January, how come it was so fast to switch, especially on such short notice? I'm not saying that VeriSign is lying, but things like these just catch your attention. No matter whether that's just PR talk or really a lucky coincidence: switching was good. Not perfect, but good.