Using PS3's To Forge Site Certificates Verisign discontinues flawed MD5 certificates Tipped by KeysCapt 
User KeysCapt writes in: "Researchers using 200 PlayStation 3's, a sophisticated attack on the ailing MD5 hash algorithm, and a slip-up by Verisign claim to have found a method of hacking any website, in the interest of improving web security. As a result Verisign says it's stopped using MD5, as of around noon Pacific time December 30. "We're disappointed that these researchers did not share their results with us earlier," writes Verisign's Tim Callan, "but we're happy to report that we have completely mitigated this attack." Some additional discussion of this can be found in our security forum. Princeton Professor Ed Felten has a good layman's explanation of what the discovery means. Resident security expert Steve Friedl offers up his guide to cryptographic hashes. The actual research note can be found here, while a response by Verisign's Tim Callan can be found here.
|
 |  |  TSI GabePremium,VIP
join:2007-01-03
Chatham, ON
kudos:2 | Re: For those wondering "Why Playstation 3s?" Yeah I've coded an MD5 algo myself for the PS3 and it does 80 million hashes per second.
This may not look like a lot, but its just about as much as a very expensive Xeon server so your bang for the buck is quite real. | |
| | |  SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | Re: For those wondering "Why Playstation 3s?" said by TSI Gabe:Yeah I've coded an MD5 algo myself for the PS3 and it does 80 million hashes per second. What ever happened to 30 billion hashes per second?
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site | |
| | | | beaups
join:2003-08-11
Hilliard, OH | Re: For those wondering "Why Playstation 3s?" lol I was just wondering the same thing | |
| | | | TSI GabePremium,VIP
join:2007-01-03
Chatham, ON
kudos:2 | That was the C compiler optimizing my code into doing nothing quite literally. Sometimes those C optimizations don't really help... | |
| | | | | SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | Re: For those wondering "Why Playstation 3s?" said by TSI Gabe:That was the C compiler optimizing my code into doing nothing quite literally. Sometimes those C optimizations don't really help... It's far more likely that your optimizer found a bug in your code than you found a bug in the optimizer.
The problem with compilers is that they do exactly what you ask them too bad women and children won't follow that example 
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site | |
| | | | | | TSI GabePremium,VIP
join:2007-01-03
Chatham, ON
kudos:2 | Re: For those wondering "Why Playstation 3s?" No Actually removing a printf simply displaying the value being calculated completely removed the md5 function from the code. | |
| | | | | | | SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | Re: For those wondering "Why Playstation 3s?" said by TSI Gabe:No Actually removing a printf simply displaying the value being calculated completely removed the md5 function from the code. The compiler did what it was supposed to do: if you were calling a function that had no side effects, it knew that it could eliminate the call without having any effect on correct operation. It was right.
Benchmarking is a known science; calling your operation in a way that insists on a side effect (as I'm sure you found) lets you get the effect you want.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site | |
|
| KearnstdElf WizardPremium
join:2002-01-22
Mullica Hill, NJ | PS3s really are being used in ways that Sony never intended lol. how long till DARPA builds a supercomputer of 5000 PS3 CPUs lol.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports | |
|
 MxxCon
join:1999-11-19
Brooklyn, NY
1 edit |  KARL, YOU ARE WRONG.
THEY NEVER SAID THEY "have found a method of hacking any website".
what they did say was that they "found a way to forge certain digital certificates"
THAT'S A HUGE DIFFERENCE.
your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"
KARL, STOP SPREADING FUD! --
Check out my awesome city of MxxTopia »mxxtopia.myminicity.com/ind or »mxxtopia.myminicity.com (the more people visit, the bigger it is) | |
| |  CheesePremium
join:2003-10-26
Naples, FL
kudos:1 | Re: KARL, YOU ARE WRONG. said by MxxCon:how can you post a story without even reading it?! THEY NEVER SAID THEY "have found a method of hacking any website".what they did say was that they "found a way to forge certain digital certificates"THAT'S A HUGE DIFFERENCE. your own link to our forum says » SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website" KARL, STOP SPREADING FUD! And the article says CLAIM, not they they DID, can YOU read? | |
| | | MxxCon
join:1999-11-19
Brooklyn, NY | Re: KARL, YOU ARE WRONG. they never CLAIMED to have found a method of hacking any website either. | |
|
| | | said by MxxCon:how can you post a story without even reading it?! THEY NEVER SAID THEY "have found a method of hacking any website".what they did say was that they "found a way to forge certain digital certificates"THAT'S A HUGE DIFFERENCE. your own link to our forum says » SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website" KARL, STOP SPREADING FUD! I have to agree with you. Though they claim its just a "proof-of-concept" aka POC or Piece o' cr4p. I love how people always go "omgz its a new exploitz, lets all freak out" - and never actually demonstrates that it works. I mean what the hell people, so if I sat there and said that I found a "POC" exploit for Linux servers would you all jump out of your chair and go "I'm switching to Windows Server". I hope not (assuming I could explain exactly how it worked).
And actually this is partly the browsers fault, and the HTTPS scheme as a whole. I mean I just find the whole idea of *paying* for security a little unsecure. CA's don't maintain SSL, so why should we shell out $$$ to them? But, whatever, back to the point at hand. So lets point out the browser: its stupid. It wont tell you *what* CA verified (unless you manually look) the cert, just that its good; wait...so a cert from ABC company is as valid of a cert from verisign? Uhhh...I see something wrong with that myself but regardless.
I actually did see that a long time ago that 2 (chinese?) people claimed to have "broken" the MD5 algorithm (they claimed they were able to determine collisions or something like that...). They never posted any evidence, just that they broke it. Here it is, what a couple years later, I haven't seen a story on how MD5 is really broken, have you? What makes that even more of a laugh is that MD5 isn't an encryption, its just a hash algorithm. What makes THIS story a laugh too is that MD6 was talked about a long time and seems to be available for your greedy downloading hands.
My question I propose to you:
If MD6 is available, why not use THAT in certificates instead of MD5? After all, don't we trust in CA's to keep our sites and data secure and encrypted? I know I sure don't for my own sites/services (you might be like "wtf?", but I am coming with a solution to that).
In my conclusion, its merely just a response to increase of technology. Its like saying you can find the prime numbers to a 20 digit (I don't know, some obscene number) composite number in a matter of seconds on a quad core, with 64bit os with 4GBs of RAM. Yeah, its defiantly going to make that large number look like nothing on modern technology, but when the number was put out there - the technology at the time couldn't handle it. So - there's nothing to see here, move along. | |
| | |  sporkmedrop the crantini and move it, sisterPremium,MVM
join:2000-07-01
Morristown, NJ
 ·Optimum Online
| Re: KARL, YOU ARE WRONG. said by k1ll3rdr4g0n:[ If MD6 is available, why not use THAT in certificates instead of MD5? Hell, why not just turn it all the way up to MD11??? | |
|
| | Not news The flaw is in the process of issuing new MD5 certificates. If no one is issuing new MD5s, this is not a problem. | |
|  R4M0NBrazilian Soccer Ownz Joo
join:2000-10-04
Glen Allen, VA | Congratulations This is the first site I regularly frequent where this topic did not turn into a fanboy bash-fest about the virtues/flaws of the PS3.
There's still hope for geek humanity.  | |
|  KeysCaptPremium,Mod
join:2001-07-11
Keys Exile
kudos:1
Time Warner Cable ..
Weather
Ham Radio
AT&T Southeast
Sports Chat
| Not Karl's Fault That isn't Karl's fault ... if there are any inaccuracies, I'm the one who provided the info from the Wired.com article. It states, "A powerful digital certificate that can be used to forge the identity of any website on the internet is in the hands of in international band of security researchers, thanks to a sophisticated attack on the ailing MD5 hash algorithm, a slip-up by Verisign, and about 200 PlayStation 3s." Their original blog pointer to the story, now gone, included the "we can hack anything" suggestion. | |
| sporkmedrop the crantini and move it, sisterPremium,MVM
join:2000-07-01
Morristown, NJ Reviews:
·Optimum Online
| Anyone get a replacement cert? I emailed RapidSSL support about this the day it was published and heard nothing. Now I see official press releases indicating that they will re-issue MD5-signed certs, but no mention of this on the RapidSSL site and no response from support.
Anyone found any more info on getting a reissue?
--
with every mistake we must surely be learning | |
|
| |
|
|
