Entries tagged as md5
aiglx 3d 4k assembler cacert ccc ccwn come2linux compiz cryptography darmstadt entropia essen games gentoo gentoo. compiz gpn gpn5 hacker hash linux metacity mrmcd mrmcd100b mrmcd101b passwörter programming security server sha1 unicode utf-8 vortrag wiesbaden wine xgl xorg ca certificate certificateauthority encryption https openssl privatekey rsa sha2 sha256 ssl symantec tls transvalid x509 23c3 24c3 berlin bewußtsein braunschweig bsideshn c4 cctv copyright datenschutz drm dvb easterhegg freesoftware gpn6 gpn7 hannover jugendumweltbewegung jukss karlsruhe kongress königswusterhausen licenses mysmartgrid ökologie openstreetmap papierlos pgp philosophie privacy programmieren publicdomain querfunk radio rsaoaep rsapss science slides stuttgart surveillance talk theory tpm überwachung überwachungskameras wahl wahlcomputer wahlmaschinen wiki augsburg beryl compizfusion composite inkscape kde lit07 lug luga waiblingen algorithm android apache apt badkeys browser cccamp cccamp15 certificates chrome chromium cloudflare cmi crash crypto deb debian dell deolalikar diffiehellman diploma diplomarbeit edellroot eff email english enigma facebook fedora fortigate fortinet forwardsecrecy gnupg gpg gsoc http javascript key keyexchange keyserver leak letsencrypt libressl maninthemiddle math milleniumproblems mitm modulobias nginx nist nss observatory ocsp ocspstapling openbsd openpgp packagemanagement password pnp provablesecurity pss random rc2 revocation revoke rpm schlüssel sha512 signatures smime superfish thesis ubuntu university updates verschlüsselung vulnerability web websecurity windowsxp wordpress 1und1 ac100 addresssanitizer artikel asan ati augsburgerallgemeine backnang bahn bash bios bonn bufferoverflow c camera canon cardreader chemnitz cinelerra clang clt compression console core coredump cpu cpufreq creativecommons cve delilinux demoscene desktop developingworld distribution dmidecode driver eltorito esslingen exe ffmpeg firefox fma86t france frankreich freeculture freedesktop freifunk frequencies froscon froscon2007 gadgets gaia gammu gatos gcc ghost glibc gnokii gnome google googleearth gphoto graphics grsecurity grub gtk harddisk hardware hddtemp heartbleed homebrew howto hp ibm ico icons icoutils installparty iptables iso itu kgtk kubuntu laptop lenovo lessig license lm_sensors lpi lpic lspci lsusb ludwigsburg lugbk macos mandriva memdisk memorysafety memorystick messe metisse microsoft mobile motherboard movie mplayer multimedia nancy network nokia notebook nouveau nvidia olpc omnibook opengl overheatd overheating pciids pcmagazin pcmcia php presse proxy ptp qt r300 radeon randr12 rar redhat reverseengineering ricoh rmll samsung schokokeks sd sdricohcs segfault shellshock siegburg smart smartbook smartmontools sncf softwarefreedomday squid standards subnotebook support symlink syslinux t61 thesource theunarchiver thinkpad time toshiba tv tvout unar usability usb usbids useafterfree vc-1 video videoediting vista web20 webhosting webinale webroot webserver wii wiibrew win32codecs windows windowsrefund wlan wmv wos wos4 wrestool x1carbon zeitung passwort wiesbadenerkurier 0days 27c3 adguard adobe aead aes afra altushost antivir antivirus aok auskunftsanspruch axfr azure barcamp berserk bias bigbluebutton bleichenbacher blog bodensee botnetz bsi bugbounty bundesdatenschutzgesetz bundestrojaner bundesverfassungsgericht busby bypass cbc cccamp11 cellular cfb chcounter clamav clickjacking cms code conflictofinterest cookie csrf dingens distributions dns domain drupal eplus fileexfiltration firewall freak freewvs frequency fsfe ftp fuzzing gajim gallery gimp git gnutls gobi gsm gstreamer hackerone hacking helma infoleak informationdisclosure internetscan ircbot itsecurity jabber jodconverter joomla kaspersky komodia libreoffice luckythirteen malware mantis mephisto mobilephones moodle mozilla mpaa mysql napster nessus netfiltersdk newspaper ntp ntpd onlinedurchsuchung openbsc openbts openleaks openvas osmocombb otr owncloud padding panda passwordalert pdo phishing poodle privdog protocolfilters python rand rhein rss s9y salinecourier serendipity session shellbot sicherheit snallygaster sni sniffing spam sqlinjection squirrelmail staatsanwaltschaft stacktrace study subdomain sunras taz tlsdate toendacms unicef update userdir virus vlc vulnerabilities webapps webmontag wiretapping xine xmpp xsa xss zerodays zugangsdaten zzuf cedric provider yacy calendar ipv6 planet stadtmitte
Monday, February 1. 2010
SSL-Certificates with SHA256 signature
At least since 2005 it's well known that the cryptographic hash function SHA1 is seriously flawed and it's only a matter of time until it will be broken. However, it's still widely used and it can be expected that it'll be used long enough to allow real world attacks (as it happened with MD5 before). The NIST (the US National Institute of Standards and Technology) suggests not to use SHA1 after 2010, the german BSI (Bundesamt für Sicherheit in der Informationstechnik) says they should've been fadet out by the end of 2009.
The probably most widely used encryption protocol is SSL. It is a protocol that can operate on top of many other internet protocols and is for example widely used for banking accounts.
As SSL is a pretty complex protocol, it needs hash functions at various places, here I'm just looking at one of them. The signatures created by the certificate authorities. Every SSL certificate is signed by a CA, even if you generate SSL certificates yourself, they are self-signed, meaning that the certificate itself is it's own CA. From what I know, despite the suggestions mentioned above no big CA will give you certificates signed with anything better than SHA1. You can check this with:
openssl x509 -text -in [your ssl certificate]
Look for "Signature Algorithm". It'll most likely say sha1WithRSAEncryption. If your CA is good, it'll show sha256WithRSAEncryption. If your CA is really bad, it may show md5WithRSAEncryption.
When asking for SHA256 support, you often get the answer that the software still has problems, it's not ready yet. When asking for more information I never got answers. So I tried it myself. On an up-to-date apache webserver with mod_ssl, it was no problem to install a SHA256 signed certificate based on a SHA256 signed test CA. All browsers I've tried (Firefox 3.6, Konqueror 4.3.5, Opera 10.10, IE8 and even IE6) had no problem with it. You can check it out at https://sha2.hboeck.de/. You will get a certificate warning (obviously, as it's signed by my own test CA), but you'll be able to view the page. If you want to test it without warnings, you can also import the CA certificate.
I'd be interested if this causes any problems (on server or on client side), so please leave a comment if you are aware of any incompatibilities.
Update: By request in the comments, I've also created a SHA512 testcase.
Update 2: StartSSL wrote me that they tried providing SHA256-certificates about a year ago and had too many problems - it wasn't very specific but they mentioned that earlier Windows XP and Windows 2003 Server versions may have problems.
The probably most widely used encryption protocol is SSL. It is a protocol that can operate on top of many other internet protocols and is for example widely used for banking accounts.
As SSL is a pretty complex protocol, it needs hash functions at various places, here I'm just looking at one of them. The signatures created by the certificate authorities. Every SSL certificate is signed by a CA, even if you generate SSL certificates yourself, they are self-signed, meaning that the certificate itself is it's own CA. From what I know, despite the suggestions mentioned above no big CA will give you certificates signed with anything better than SHA1. You can check this with:
openssl x509 -text -in [your ssl certificate]
Look for "Signature Algorithm". It'll most likely say sha1WithRSAEncryption. If your CA is good, it'll show sha256WithRSAEncryption. If your CA is really bad, it may show md5WithRSAEncryption.
When asking for SHA256 support, you often get the answer that the software still has problems, it's not ready yet. When asking for more information I never got answers. So I tried it myself. On an up-to-date apache webserver with mod_ssl, it was no problem to install a SHA256 signed certificate based on a SHA256 signed test CA. All browsers I've tried (Firefox 3.6, Konqueror 4.3.5, Opera 10.10, IE8 and even IE6) had no problem with it. You can check it out at https://sha2.hboeck.de/. You will get a certificate warning (obviously, as it's signed by my own test CA), but you'll be able to view the page. If you want to test it without warnings, you can also import the CA certificate.
I'd be interested if this causes any problems (on server or on client side), so please leave a comment if you are aware of any incompatibilities.
Update: By request in the comments, I've also created a SHA512 testcase.
Update 2: StartSSL wrote me that they tried providing SHA256-certificates about a year ago and had too many problems - it wasn't very specific but they mentioned that earlier Windows XP and Windows 2003 Server versions may have problems.