[Cryptography] NSA and cryptanalysis

Jerry Leichter leichter at lrw.com
Mon Sep 2 07:21:25 EDT 2013


On Sep 1, 2013, at 10:35 PM, James A. Donald wrote:
>> Meanwhile, on the authentication side, Stuxnet provided evidence that the secret community *does* have capabilities (to conduct collision attacks) beyond those known to the public - capabilities sufficient to produce fake Windows updates.
> 
> Do we know they produced fake Windows updates without assistance from Microsoft?

For some version of "know".  From http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/:

"Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.

The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate—an extremely sensitive cryptographic seal. Rogue intermediate certificate authorities that contained the stamp were then able to trick administrators and end users into trusting various Flame components by falsely certifying they were produced by Microsoft....

Based on the language in Microsoft's blog posts, it's impossible to rule out the possibility that at least one of the certificates revoked in the update was ... created using [previously reported] MD5 weaknesses [which allowed collision attacks]. Indeed, two of the underlying credentials used MD5, while the third used the more advanced SHA-1 algorithm. In a Frequently Asked Questions section of Microsoft Security Advisory (2718704), Microsoft's security team also said: "During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers." The advisory didn't elaborate."

                                                        -- Jerry




