http://formortals.com/Default.aspx?tabid=36&EntryID=149

1) Verisign is covering their asses by basically asserting that certs they have issued are valid (duh), but try their darnedest to not touch with a hundred yard pole the issue of forged certs.

2) The only thing to do is :

2a) the CAs issue certs from now on with only SHA-1 hashes

2b) everybody starts researching another hash to use, because SHA-1 is already partly weakened ( http://www.computerworld.com/securitytopics/security/story/0,10801,99852,00.html )

2c) browsers deprecate certs with only MD5 hashes

2d) until 2b happens, browsers continue checking both hashes when a cert has both MD5 and SHA hashes

Ken, the biggest issue I can think of wrt the varying hashes is old browsers. I’d have to load some old machines to look, but I don’t know at what point SHA1 fingerprints started to be supported…the MD5 hashes almost certainly are there for backwards compatibility, since everyone’s known (at least in the abstract) this general break was coming for some time. Still surreal to see it actually working, though.

But if some of the old browsers out there in general use don’t support SHA1 hashes, they’re in serious trouble. There’s no real way to “fix” it. And I expect those are the exact people (less experienced users) that are most likely to click on phishing type links as well. Ick.

Good news is that SHA1 fingerprints aren’t spoofed along with the MD5 one, and no one is currently (publicly) even close to a general break in SHA1 that I’m aware of.

Bruce Schneier kind of shrugs it off on his blog, but that’s (IMO) more from a) an academic’s perspective that’s unsurprised by the MD5 break, since he’s all over that literature, and b) a security researcher who has become somewhat blase to how willing people are to click through an “invalid cert” message. To me, though, this is still pretty huge.

They panic is probably behind the scenes.

https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php

I notice, though, on doing a spot check of the certs in my browser, that there’s a SHA1 fingerprint for each cert, in addition to the MD5 one. Does the browser care only about the MD5 hash in determining the authenticity of certs? Or, does spoofing an MD5 hash also mean the SHA1 is spoofed as well? My ignorance of these things is appalling.

Looking forward to updates, after your conversations with your coworkers.

In a totally non-related topic, I’m also looking forward to the punkin’ soup recipe.

-k-

I’m curious how quickly certificates can be reissued with non-broken hashes.

I’m sure there is a great scattered, covered and smothered Waffle House joke in there somewhere, but I’m drawing blanks.