The MD5 cryptographic hashing algorithm had taken a beating from security researchers in the early 2000s. It was getting cheaper and easier to generate MD5 collisions. That is, two different blobs of data could be generated that had the same output digest when run through the MD5 algorithm, sometimes with attacker-controlled input (a chosen-plaintext collision).
The implications of practical collision attacks against hashing algorithms such as MD5 are widespread. However, attacks up to 2008 had been primarily academic in nature: “Hey, look I can generate two giant files that have the same MD5 hash, if I lease out the supercomputer for a month.”
Free eBook: Modern Retail Security Risk – Get your copy now.
A group of security researchers decided to challenge the real-world security of the MD5 algorithm and targeted the Certificate Authorities (CAs) and PKI that form the underlying trust of SSL/TLS communications on the Internet. It turns out that several CAs were still using the MD5 algorithm for ensuring the integrity of their certificates.
So, this group of researchers pulled off a practical and severe MD5 collision attack against a CA’s certificate, allowing them to forge their own CA certificate and sign new valid certificates (eg. google.com) with it. And it didn’t take a ton of time and money, just a day or two using 200 Playstation 3s.
So, MD5 was ejected from use by CAs, and SHA-1 was the new algorithm of choice.
Ok, fast forward back to today.
The SHA-1 algorithm that we replaced MD5 with is facing similar pressure and attacks. We’ve also seen that it’s not just academic researchers we need to worry about, but large nation-state intelligence agencies that have more funding and resources than a few Playstation consoles and plenty of motivation and newly-documented ambition to break much of the cryptography used on the Internet to secure communications.
In fact, besides all the Snowden/NSA docs, the Flame malware discovered back in 2012 that is rumored to have been written (at least in part) by US intelligence agencies used an advanced private-developed variation of the MD5 collision attack in order to create a forged Windows Update certificate.
While SHA-1 is not in the same immediate peril as MD5 was back in 2008, we’ve learned to be a little more progressive in terms of Internet security, given a better understanding of where the intelligence community may be at in terms of capabilities compared to the attacks against SHA-1 that are publicly disclosed by academic researchers. So, to get a bit ahead of the curve, CAs have begun to issue SHA-2 based certificates and are slowly deprecating any SHA-1 certificates to avoid history repeating itself.
To accelerate the migration from SHA-1 to SHA-2, Google has decided to warn users about SHA-1 certificates in the Chrome web browser. In other words, if you visit a website that has not yet moved to a SHA-2 SSL certificate, Chrome will display a warning in the address bar where the “SSL lock” usually is. These changes to the Chrome web browser will likely hit hundreds of millions of Internet users this week with the release of Chrome 40, so get ready for warning-palooza!
To learn what this means for Duo customers and for normal users, please view the original article on Duo Security’s blog here.
Jon Oberheide is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes “30 under 30″ list for his mobile security hijinks.
About Duo Security
Duo Security is on a mission to provide advanced security solutions for organizations of all sizes. Duo’s innovative technology protects users, data and applications from credential theft and breaches with a focus on streamlined usability. The company was co-founded by CEO Dug Song, a major contributor to the security community, and CTO Jon Oberheide, expert cloud, mobile, and malware security researcher.