25C3: Fake CA Certificates

January 3, 2009 | Jaime Blasco

A security research team has demonstrated how to use an MD5 collision to create a rogue Certificate Authority certificate, using a cluster of 200 PlayStation 3 consoles!

You can find all the information here.

The attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash, and it affects CAs that still sign certificates with this broken hash function, such as RapidSSL.

We can use M2Crypto, the Python bindings for OpenSSL, to automate retrieving server certificates and checking whether they are still signed with MD5:

from M2Crypto import SSL

# Default context: no peer verification, so the certificate is fetched even
# from a host whose chain would not validate.
ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.rapidssl.com', 443))
cert = conn.get_peer_cert()   # X509 object for the server's leaf certificate
print(cert.as_text())         # same text as `openssl x509 -text`; look at "Signature Algorithm"
conn.close()



Output:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1795 (0x703)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
        Validity
            Not Before: Mar  8 15:35:33 2005 GMT
            Not After : Mar  7 15:35:33 2010 GMT
        Subject: C=US, O=GeoTrust Inc., OU=Production, CN=www.rapidssl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bf:2b:bb:b0:a8:78:fb:8d:76:d7:14:c1:92:d8:
                    c8:cb:99:ed:a8:9e:37:e5:4f:5d:7e:06:f6:52:5e:
                    5c:4e:e8:6b:9e:22:bb:62:8b:b6:db:fe:5f:05:15:
                    79:81:5a:4c:4c:89:6c:42:77:50:ac:8d:ce:a6:1a:
                    49:21:8c:27:db:1a:79:f0:5d:fc:4d:84:8b:42:0f:
                    8e:e6:6d:74:4b:a9:1e:b3:97:38:39:ec:28:88:5e:
                    1d:7a:c9:2b:53:34:71:2c:6c:80:80:78:ed:08:c7:
                    a8:fb:70:39:76:3b:2a:bd:c4:a9:88:6c:95:95:73:
                    2a:ab:85:05:15:b8:cd:59:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 CRL Distribution Points:
                URI:http://crl.geotrust.com/crls/ebizca1.crl

            X509v3 Authority Key Identifier:
                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1

    Signature Algorithm: md5WithRSAEncryption
        49:e5:4b:7f:48:f3:d1:b6:04:f4:59:a7:63:92:f2:eb:b2:a3:
        1f:c3:31:c4:d3:54:67:9d:77:35:e2:e1:a4:84:9b:d4:91:82:
        32:6b:93:3e:d8:7e:36:66:c8:aa:5f:b8:3a:ee:2c:2c:70:97:
        66:d1:e5:0e:23:dd:04:39:a8:c8:e4:4e:bb:75:85:52:d0:cd:
        37:51:69:07:aa:25:5d:cb:60:ac:a1:98:54:4b:1e:9d:49:fe:
        fa:b1:eb:f9:c3:79:bc:84:d8:4a:2c:bf:67:de:0c:70:8d:f0:
        c3:14:6f:04:8b:9d:14:bd:e9:fd:fd:b7:6d:66:9b:bc:e5:f1:
        74:54

With this module you can easily build a tool that scans Internet sites for certificates issued by the affected CAs (Signature Algorithm: md5WithRSAEncryption).
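As an added example (this is not code from the original post), here is a self-contained version of that scanner that uses only the Python standard library instead of M2Crypto. It walks the DER encoding of a certificate to read the outer signatureAlgorithm OID, reports the algorithm name (the OID table is an assumption: the RSA PKCS#1 arc, spelled as OpenSSL prints the names) and flags MD5- and MD2-signed certificates as broken. `fetch_der` pulls a live server's leaf certificate with Python's `ssl` module; `fake_certificate` builds a constructed sample that has the outer Certificate structure but placeholder contents, so the parser can be exercised offline.

```python
"""Flag X.509 certificates whose signature uses a collision-broken hash.

Added example, not part of the original post. Pure standard library.
"""
import socket
import ssl

# Assumed OID table: the RSA PKCS#1 signature arc, named as OpenSSL prints them.
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}
BROKEN = {"md2WithRSAEncryption", "md5WithRSAEncryption"}  # practical collisions
WEAK = {"sha1WithRSAEncryption"}                            # deprecated for signing


def _read_tlv(buf, pos):
    """Decode one DER tag/length at buf[pos]; return (tag, value_start, value_end)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, pos, pos + length


def _decode_oid(raw):
    """Turn DER OBJECT IDENTIFIER contents into dotted-decimal text."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(der):
    """Return the dotted OID from the outer signatureAlgorithm of a DER certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    """
    tag, start, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = _read_tlv(der, start)          # skip tbsCertificate
    tag, alg_start, _ = _read_tlv(der, tbs_end)     # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = _read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(der[oid_start:oid_end])


def classify(der):
    """Return (algorithm name or OID, verdict) for a DER certificate."""
    oid = signature_algorithm(der)
    name = SIG_ALG_NAMES.get(oid)
    if name is None:
        return oid, "UNKNOWN"
    if name in BROKEN:
        return name, "BROKEN"
    if name in WEAK:
        return name, "WEAK"
    return name, "OK"


def fetch_der(host, port=443, timeout=10):
    """Fetch the leaf certificate a server presents, without validating the chain
    (a rogue or MD5-signed chain is exactly what we want to see)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def _der(tag, body):
    """Minimal DER TLV encoder (bodies up to 65535 bytes)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body


def _encode_oid(dotted):
    """Inverse of _decode_oid, used only to build the constructed sample."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def fake_certificate(sig_oid):
    """Constructed sample: Certificate-shaped DER with a placeholder tbsCertificate
    (serial 1795 only) and a placeholder signature. Not a real certificate."""
    tbs = _der(0x30, _der(0x02, b"\x07\x03"))
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + _der(0x05, b""))
    sig = _der(0x03, b"\x00" + b"\x49\xe5\x4b\x7f")
    return _der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        name, verdict = classify(fetch_der(host))
        print(f"{host}: {name} [{verdict}]")
```

Run it as `python scan_md5.py host1 host2 ...` to check live hosts. The verdict only looks at the leaf certificate's own signature; a thorough scan should also walk the intermediate certificates the server sends, since a SHA-1 or SHA-256 leaf chained under an MD5-signed intermediate is still exposed to the rogue-CA attack.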

Jaime Blasco

About the Author: Jaime Blasco
Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AlienVault, Jaime leads the Lab Intelligence and Research team that leads the charge of researching and integrating threat intelligence into detection mechanisms. Prior to working at AlienVault he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work in emerging threats and targeted attacks is frequently cited in international publications such as New York Times, BBC, Washington Post and Al Jazeera.