A group of researchers has recently proven that the MD5 cryptographic hash algorithm can be broken in practice. To demonstrate the attack, they created a rogue Certification Authority (CA). Because its certificate chained to a root trusted by all browsers, the rogue CA could impersonate any Web site on the Internet, an attack that is almost impossible to detect or defend against.
The weakness in MD5 allowed the researchers to create multiple messages with the same hash, which is called a collision. Exploiting this weakness lets an attacker create a fake CA certificate that appears to have been signed by a root CA, and that fake certificate can then be used to mount any number of attacks without the user's knowledge.
Users can check how their certificates are signed by opening the browser and clicking Tools -> Internet Options -> Content -> Certificates. On the Certificates tab, select the CA you want to check and double-click it. On the Details tab, look at the Signature Algorithm field, which shows the algorithm used to sign the certificate. Certificates signed with md5RSA are vulnerable; the attack has not been able to take advantage of certificates signed with sha1RSA.
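The same check done programmatically, as an added example that is not part of the original article: this Python reads the signatureAlgorithm OID straight out of a DER-encoded X.509 certificate and names it, so md5WithRSAEncryption stands out. The minimal DER walker and the constructed test fixture are my own; only the OID-to-name mapping is standard (RFC 3279 / RFC 4055), and the parser assumes definite-length DER, which X.509 certificates always use.

```python
SIG_OIDS = {  # RFC 3279 / RFC 4055 names for common RSA signature OIDs
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK = {"md5WithRSAEncryption"}  # the algorithm the rogue-CA attack exploited

def _read_tlv(buf, pos):  # one DER tag-length-value -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(data):
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:  # base-128 arcs; high bit set on continuation bytes
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    tag, cert, _ = _read_tlv(der, 0)
    assert tag == 0x30, "not a DER SEQUENCE"
    _, _tbs, pos = _read_tlv(cert, 0)       # skip tbsCertificate (element 1)
    _, alg_id, _ = _read_tlv(cert, pos)     # AlgorithmIdentifier (element 2)
    tag, oid, _ = _read_tlv(alg_id, 0)
    assert tag == 0x06, "AlgorithmIdentifier must begin with an OID"
    return SIG_OIDS.get(_decode_oid(oid), _decode_oid(oid))

# CONSTRUCTED fixture: a certificate shell whose tbsCertificate is only a serial
# number. It exercises the parser above but is not a valid certificate.
def _der(tag, body):  # short-form length only; the fixture stays under 128 bytes
    return bytes([tag, len(body)]) + body

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.insert(0, (a & 0x7F) | 0x80)
        out += chunk
    return bytes(out)

def make_sample_cert(sig_oid):
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 17))
```

On a real certificate exported as DER from the browser's certificate dialog, `signature_algorithm(open(path, "rb").read())` returns the same name the Details tab shows; checking it against WEAK is the programmatic form of the md5RSA test above.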
End users have few options once a suspect certificate is identified. You can try to revoke the certificate, but since these fake certificates usually do not contain a URL to a valid revocation site, they cannot be removed that way. Security administrators can force a revocation check by querying the company's own Online Certificate Status Protocol (OCSP) responder for revocation information.
The underlying problem is that some CAs are still using MD5, an old cryptographic hash function designed in 1991 by Ron Rivest to replace MD4, to sign their certificates. MD5 only produces a 128-bit digest. To fix this problem, CAs are urged to sign their certificates with a newer algorithm such as SHA-1 or SHA-2, which provides much better security thanks to a longer digest. Although SHA-1 has been found to have a security flaw, it produces a 160-bit digest, while SHA-2 offers a choice of digest lengths. CAs are not going to go away any time soon; in fact, the use of certificates is extending into hardware such as USB drives. This is a good example of why we sometimes have to let go of the old and embrace the new.