25C3: Fake CA Certificates

January 3, 2009  |  Jaime Blasco

A security research team has demonstrated how to use MD5 collisions to create a rogue Certificate Authority certificate with a cluster of 200 PS3s!!

You can find all the information here.

The attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash, and it affects CAs that are still signing with this broken hash function, like RapidSSL.

We can use the Python M2Crypto module (a wrapper around OpenSSL) to automate the process of obtaining server certificates and verifying whether they are still using a certificate signed with MD5:

from M2Crypto import SSL

# Default context: no peer verification, so we still get the certificate
# even if the chain would not validate locally.
ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.rapidssl.com', 443))

# The leaf certificate the server presented; as_text() gives the
# "openssl x509 -text" style dump, including "Signature Algorithm".
cert = conn.get_peer_cert()
print(cert.as_text())


Output:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1795 (0x703)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
        Validity
            Not Before: Mar  8 15:35:33 2005 GMT
            Not After : Mar  7 15:35:33 2010 GMT
        Subject: C=US, O=GeoTrust Inc., OU=Production, CN=www.rapidssl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bf:2b:bb:b0:a8:78:fb:8d:76:d7:14:c1:92:d8:
                    c8:cb:99:ed:a8:9e:37:e5:4f:5d:7e:06:f6:52:5e:
                    5c:4e:e8:6b:9e:22:bb:62:8b:b6:db:fe:5f:05:15:
                    79:81:5a:4c:4c:89:6c:42:77:50:ac:8d:ce:a6:1a:
                    49:21:8c:27:db:1a:79:f0:5d:fc:4d:84:8b:42:0f:
                    8e:e6:6d:74:4b:a9:1e:b3:97:38:39:ec:28:88:5e:
                    1d:7a:c9:2b:53:34:71:2c:6c:80:80:78:ed:08:c7:
                    a8:fb:70:39:76:3b:2a:bd:c4:a9:88:6c:95:95:73:
                    2a:ab:85:05:15:b8:cd:59:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 CRL Distribution Points:
                URI:http://crl.geotrust.com/crls/ebizca1.crl

            X509v3 Authority Key Identifier:
                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1

    Signature Algorithm: md5WithRSAEncryption
        49:e5:4b:7f:48:f3:d1:b6:04:f4:59:a7:63:92:f2:eb:b2:a3:
        1f:c3:31:c4:d3:54:67:9d:77:35:e2:e1:a4:84:9b:d4:91:82:
        32:6b:93:3e:d8:7e:36:66:c8:aa:5f:b8:3a:ee:2c:2c:70:97:
        66:d1:e5:0e:23:dd:04:39:a8:c8:e4:4e:bb:75:85:52:d0:cd:
        37:51:69:07:aa:25:5d:cb:60:ac:a1:98:54:4b:1e:9d:49:fe:
        fa:b1:eb:f9:c3:79:bc:84:d8:4a:2c:bf:67:de:0c:70:8d:f0:
        c3:14:6f:04:8b:9d:14:bd:e9:fd:fd:b7:6d:66:9b:bc:e5:f1:
        74:54

With this module you can easily build a tool that scans Internet sites still using certificates signed by the affected CAs (md5WithRSAEncryption).
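As an added example (not the author's code, and not part of the original post), here is the same check done with only the Python standard library instead of M2Crypto: a minimal DER walk pulls the signature algorithm OID out of a certificate, maps it to a name, and flags MD5 (and SHA-1) signatures. It also checks that the OID inside tbsCertificate matches the outer signatureAlgorithm, which is the field the "Signature Algorithm:" line above reports twice. The fetch uses ssl.get_server_certificate, which does not validate the chain; that is fine for an inventory scan. The sample certificate at the bottom is a constructed DER skeleton with the right layout and no real key or signature, included only so the parser can be exercised offline; the OID table and function names are this example's own.

```python
import ssl
import sys

# Signature algorithm OIDs commonly found in certificates -> (name, weak?).
# Unknown OIDs are flagged so a human looks at them.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4":  ("md5WithRSAEncryption", True),    # the 25C3 attack target
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption", True),   # collisions shown since 2017
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", False),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256", False),
    "1.2.840.10045.4.3.3":   ("ecdsa-with-SHA384", False),
    "1.2.840.10045.4.3.4":   ("ecdsa-with-SHA512", False),
    "1.3.101.112":           ("Ed25519", False),
}

def _read_tlv(buf, pos):
    """Decode one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _expect(buf, pos, tag):
    got, start, end = _read_tlv(buf, pos)
    if got != tag:
        raise ValueError("expected tag 0x%02x at offset %d, got 0x%02x" % (tag, pos, got))
    return start, end

def _decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                                   # base-128, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def _alg_oid(buf, pos):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    start, _ = _expect(buf, pos, 0x30)
    oid_start, oid_end = _expect(buf, start, 0x06)
    return _decode_oid(buf[oid_start:oid_end])

def signature_algorithm(der):
    """Return the signature OID; raise if the inner and outer algorithm fields disagree."""
    cert_start, _ = _expect(der, 0, 0x30)               # Certificate
    tbs_start, tbs_end = _expect(der, cert_start, 0x30) # tbsCertificate
    pos = tbs_start
    tag, _, end = _read_tlv(der, pos)
    if tag == 0xA0:                                     # optional [0] EXPLICIT version
        pos = end
    _, pos = _expect(der, pos, 0x02)                    # serialNumber
    inner = _alg_oid(der, pos)                          # tbsCertificate.signature
    outer = _alg_oid(der, tbs_end)                      # Certificate.signatureAlgorithm
    if inner != outer:
        raise ValueError("signature algorithm mismatch: tbs=%s outer=%s" % (inner, outer))
    return outer

def classify(der):
    """(algorithm name, weak?) for a DER certificate; unknown OIDs are flagged."""
    oid = signature_algorithm(der)
    return SIGNATURE_OIDS.get(oid, (oid, True))

def fetch_der(host, port=443):
    """Leaf certificate the server presents (no chain validation; inventory only)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def scan(hosts):
    results = {}
    for host in hosts:
        try:
            results[host] = classify(fetch_der(host))
        except (OSError, ValueError) as exc:
            results[host] = ("error: %s" % exc, None)
    return results

# --- constructed sample: correct DER layout, dummy content, no real signature ---
MD5_RSA_OID_HEX = "2a864886f70d010104"                  # 1.2.840.113549.1.1.4
SHA256_RSA_OID_HEX = "2a864886f70d01010b"               # 1.2.840.113549.1.1.11

def _tlv(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _alg_id(oid_hex):
    return _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")

def sample_certificate(outer_hex, inner_hex=None):
    """Version v3, serial 0x703, then empty issuer/validity/subject/spki placeholders."""
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x07\x03")
               + _alg_id(inner_hex or outer_hex) + _tlv(0x30, b"") * 4)
    return _tlv(0x30, tbs + _alg_id(outer_hex) + _tlv(0x03, b"\x00\x00"))

if __name__ == "__main__":
    for host, (name, weak) in scan(sys.argv[1:]).items():
        print("%-30s %-28s %s" % (host, name, {True: "WEAK", False: "ok"}.get(weak, "")))
```

Run it as "python scan_sigalg.py host1 host2 ..." to get one line per host. Because the parser reads the raw DER rather than OpenSSL's text dump, it also catches certificates whose inner and outer algorithm fields disagree, which the text output would not make obvious.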
