Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

"Richard Graveman" <rfgraveman@gmail.com> Mon, 05 January 2009 06:54 UTC

Ran,

> It would be very helpful if a *set* of mathematicians/cryptographers
> could jointly put together a summary of the known attacks on all
> the widely used hash algorithms (e.g. MD2, MD4, MD5, SHA-0, SHA-1,
> SHA-2, others), *including references to the published literature*.

For an expert, authoritative, and incredibly up-to-date tutorial on
the state of hash functions, go to http://www.inscrypt.cn/, get the
invited talks, and see the one by Preneel. If the intro material is
boring, flip to slide 45 and start reading. No, MD5 and SHA-1 are not
quite in the same boat.

For full papers, see IACR eprints 2008/391 for MD5, 2008/469 for
SHA-1, and 2006/187 for HMAC with these. Follow the references
therein. I avoided sources that cost money to get to, etc.

Unfortunately, the ways cryptologists look at these things and the
ways the IETF uses them are not always the same, so there is more work
to do. Suffice it to say, for a start, there is a big difference
between, say:

1. An HMAC based on a fresh key used by IPsec or TLS for a few minutes.
2. An HMAC based on a key stuck in a router and left there for months or years.
3. A hash used to sign an email.
4. A hash used to sign a root certificate.

Rich Graveman
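An added example for the fourth case above (it is not code from this thread or its authors): a stdlib-only Python DER walker that reads a certificate's signatureAlgorithm and flags MD5-based signatures, and also checks that the outer signatureAlgorithm agrees with tbsCertificate.signature as RFC 5280 requires. The sample certificate is constructed inline and is not a real certificate; MD5_SIGNATURE_OIDS, assess and sample_cert are names chosen here.

```python
# Added example, not from the original thread; the sample certificate below is constructed.
MD5_SIGNATURE_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
                      "1.2.840.113549.1.1.2": "md2WithRSAEncryption"}

def der_tlv(data, pos=0):
    """Return (tag, contents, next_pos) for the definite-length TLV at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(contents):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    parts, acc = [str(contents[0] // 40), str(contents[0] % 40)], 0
    for b in contents[1:]:                # base-128, high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def signature_algorithms(cert_der):
    """Return (outer signatureAlgorithm OID, tbsCertificate.signature OID)."""
    _, cert, _ = der_tlv(cert_der)        # Certificate ::= SEQUENCE
    _, tbs, pos = der_tlv(cert)           # tbsCertificate
    _, alg, _ = der_tlv(cert, pos)        # signatureAlgorithm
    tag, _, p = der_tlv(tbs)              # version [0] (optional) or serialNumber
    if tag == 0xA0:
        _, _, p = der_tlv(tbs, p)         # serialNumber
    _, tbs_alg, _ = der_tlv(tbs, p)       # tbsCertificate.signature
    return decode_oid(der_tlv(alg)[1]), decode_oid(der_tlv(tbs_alg)[1])

def assess(cert_der):
    """'weak-md5', 'mismatch' (RFC 5280 requires both fields to agree) or 'ok'."""
    outer, inner = signature_algorithms(cert_der)
    if outer != inner:
        return "mismatch"
    return "weak-md5" if outer in MD5_SIGNATURE_OIDS else "ok"

# Constructed sample input: a structurally minimal Certificate, not a usable one.
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4, DER contents
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
def tlv(tag, value): return bytes([tag, len(value)]) + value   # short-form length suffices here

def sample_cert(outer_oid, inner_oid=None):
    def alg(o): return tlv(0x30, tlv(0x06, o) + b"\x05\x00")        # AlgorithmIdentifier, NULL params
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg(inner_oid or outer_oid))  # serialNumber + signature
    return tlv(0x30, tbs + alg(outer_oid) + tlv(0x03, b"\x00" * 9))   # + placeholder BIT STRING
```

On a real chain, feed each certificate's DER bytes to assess(); anything other than "ok" on a CA certificate is what the attack in this thread's subject line turns into a usable forgery.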