A security research team has demonstrated how to use an MD5 collision to create a rogue Certificate Authority certificate
with a cluster of 200 PlayStation 3 consoles!
You can find all the information here
The attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of two different messages
(here, two certificates) with the same MD5 hash, so the CA's signature over the harmless one is also valid for the rogue one. It affects CAs that are still signing
certificates with this broken hash function, such as RapidSSL.
We can use M2Crypto (the Python bindings for OpenSSL) to automate fetching server certificates and checking whether
they are still signed with MD5:
    from M2Crypto import SSL

    ctx = SSL.Context()              # default client context; no verification needed, we only want to read the cert
    conn = SSL.Connection(ctx)
    conn.connect(('www.rapidssl.com', 443))
    cert = conn.get_peer_cert()      # the server's own (leaf) certificate as an X509 object
    print(cert.as_text())            # same layout as `openssl x509 -text`
Output:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1795 (0x703)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
            Validity
                Not Before: Mar 8 15:35:33 2005 GMT
                Not After : Mar 7 15:35:33 2010 GMT
            Subject: C=US, O=GeoTrust Inc., OU=Production, CN=www.rapidssl.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:bf:2b:bb:b0:a8:78:fb:8d:76:d7:14:c1:92:d8:
                        c8:cb:99:ed:a8:9e:37:e5:4f:5d:7e:06:f6:52:5e:
                        5c:4e:e8:6b:9e:22:bb:62:8b:b6:db:fe:5f:05:15:
                        79:81:5a:4c:4c:89:6c:42:77:50:ac:8d:ce:a6:1a:
                        49:21:8c:27:db:1a:79:f0:5d:fc:4d:84:8b:42:0f:
                        8e:e6:6d:74:4b:a9:1e:b3:97:38:39:ec:28:88:5e:
                        1d:7a:c9:2b:53:34:71:2c:6c:80:80:78:ed:08:c7:
                        a8:fb:70:39:76:3b:2a:bd:c4:a9:88:6c:95:95:73:
                        2a:ab:85:05:15:b8:cd:59:5f
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
                X509v3 CRL Distribution Points:
                    URI:http://crl.geotrust.com/crls/ebizca1.crl
                X509v3 Authority Key Identifier:
                    keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
        Signature Algorithm: md5WithRSAEncryption
            49:e5:4b:7f:48:f3:d1:b6:04:f4:59:a7:63:92:f2:eb:b2:a3:
            1f:c3:31:c4:d3:54:67:9d:77:35:e2:e1:a4:84:9b:d4:91:82:
            32:6b:93:3e:d8:7e:36:66:c8:aa:5f:b8:3a:ee:2c:2c:70:97:
            66:d1:e5:0e:23:dd:04:39:a8:c8:e4:4e:bb:75:85:52:d0:cd:
            37:51:69:07:aa:25:5d:cb:60:ac:a1:98:54:4b:1e:9d:49:fe:
            fa:b1:eb:f9:c3:79:bc:84:d8:4a:2c:bf:67:de:0c:70:8d:f0:
            c3:14:6f:04:8b:9d:14:bd:e9:fd:fd:b7:6d:66:9b:bc:e5:f1:
            74:54
With this module you can easily build a tool that scans Internet sites for certificates still signed by
affected CAs (Signature Algorithm: md5WithRSAEncryption). Two caveats when you do: check the whole chain
(conn.get_peer_cert_chain()), because an MD5-signed intermediate is just as bad as an MD5-signed leaf; and remember that
the signature algorithm on a server certificate tells you what its CA used when that certificate was issued, so an MD5-signed
leaf is a strong hint that the CA was (and may still be) signing with MD5, but the real fix is on the CA side, not the web site's.
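The scanner above depends on M2Crypto and a live connection. As an added example (not code from the original post), the following standard-library-only checker does the same job offline: it walks the DER encoding of a certificate, pulls out the signatureAlgorithm OIDs from both the TBSCertificate and the outer Certificate (RFC 5280 requires them to match, and a mismatch is itself worth flagging), and reports MD5 and SHA-1 signatures as weak across a whole chain. The certificates it is run on are constructed, certificate-shaped DER blobs with dummy signatures, built by make_test_cert, not real certificates; fetch_leaf_der is a hypothetical helper that uses the stdlib ssl module when you do want to go live.

```python
"""Flag MD5-signed certificates using only the Python standard library.

Added example, not code from the original post. The DER builder and the
SAMPLE_CHAIN below are constructed test data, not real certificates.
"""
import ssl

OID_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
# MD5 collisions were practical in 2008; SHA-1 collisions have been since 2017.
WEAK_OIDS = {"1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5"}


def _read_tlv(buf, pos):
    """Parse one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Return the [(tag, value), ...] elements of a constructed DER value."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = _read_tlv(value, pos)
        out.append((tag, v))
    return out


def _decode_oid(value):
    """Decode DER OID content octets to dotted form (first arc 0/1, enough for these OIDs)."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def signature_algorithms(der):
    """Return (tbsCertificate.signature OID, Certificate.signatureAlgorithm OID)."""
    _, cert, _ = _read_tlv(der, 0)                     # Certificate ::= SEQUENCE
    tbs, outer_alg = _children(cert)[:2]               # tbsCertificate, signatureAlgorithm
    fields = _children(tbs[1])
    idx = 1 if fields[0][0] == 0xA0 else 0             # skip EXPLICIT [0] version if present
    tbs_alg = fields[idx + 1]                          # serialNumber, then signature AlgorithmIdentifier
    return _decode_oid(_children(tbs_alg[1])[0][1]), _decode_oid(_children(outer_alg[1])[0][1])


def check_cert(der):
    """Classify one DER certificate: 'MISMATCH', 'WEAK:<alg>' or 'OK:<alg>'."""
    tbs_oid, outer_oid = signature_algorithms(der)
    if tbs_oid != outer_oid:                           # RFC 5280 4.1.2.3: both MUST be identical
        return "MISMATCH"
    name = OID_NAMES.get(outer_oid, outer_oid)
    return ("WEAK:" if outer_oid in WEAK_OIDS else "OK:") + name


def check_chain(ders):
    """A chain is only as strong as its weakest signature, so classify every member."""
    return [check_cert(d) for d in ders]


def fetch_leaf_der(host, port=443):
    """Hypothetical live helper (network, not run here): leaf certificate as DER via stdlib ssl."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


# --- constructed test data: certificate-shaped DER with dummy signatures ---
def _tlv(tag, value):
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk, a = [a & 0x7F], a >> 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += chunk
    return bytes(out)


def make_test_cert(sig_oid, tbs_oid=None):
    """Build a minimal, unsigned, certificate-shaped DER blob (constructed test input only)."""
    alg = lambda oid: _tlv(0x30, _tlv(0x06, _encode_oid(oid)) + b"\x05\x00")  # AlgorithmIdentifier + NULL
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02"))    # [0] version v3
                     + _tlv(0x02, b"\x07\x03")           # serialNumber 1795, as in the post's output
                     + alg(tbs_oid or sig_oid)           # signature
                     + _tlv(0x30, b""))                  # issuer Name (empty; not parsed here)
    return _tlv(0x30, tbs + alg(sig_oid) + _tlv(0x03, b"\x00\xde\xad"))   # dummy BIT STRING signature


# Constructed chain: an MD5-signed leaf under a SHA-256-signed intermediate.
SAMPLE_CHAIN = [make_test_cert("1.2.840.113549.1.1.4"), make_test_cert("1.2.840.113549.1.1.11")]

if __name__ == "__main__":
    for verdict in check_chain(SAMPLE_CHAIN):
        print(verdict)
```

Point check_chain at the DER of each certificate returned by get_peer_cert_chain() (cert.as_der() in M2Crypto) and any "WEAK:md5WithRSAEncryption" in the result is the condition the post is scanning for; "MISMATCH" should never appear on a well-formed certificate and deserves a closer look if it does.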