Real World Exploit for Bleichenbacher's Attack on SSL from Crypto'06 working

Hal Finney hal at finney.org
Fri Sep 15 03:52:43 EDT 2006


Erik Tews writes:
> At least 3 major web browsers on the market are shipped by default with
> CA certificates, which have signed other intermediate CAs which use
> rsa1024 with exponent 3, in their current version. With this exploit,
> you can now sign arbitrary server certificates for any website of your
> choice, which are accepted by all 3 web browsers without any kind of
> ssl-warning-message.

Is that true, did you try all 3 web browsers to see that they don't give
a warning message?  It's not enough that they accept a CA with exponent
3, they also have to have the flaw in verification that lets the bogus
signature through.

If it is true, if three different widely used web browsers are all
vulnerable to this attack, it suggests a possible problem due to the
establishment of a cryptographic monoculture.  If it turns out that
the same cryptographic library is used in all three of these browsers,
and that library has the flaw, then this reliance on a single source
for cryptographic technology could be a mistake.

Now in practice I don't think that Internet Explorer and Mozilla/Firefox
use the same crypto libraries, so either these are not two of the three,
or else they have independently made the same error.  It would be nice
to know which it is.

Hal Finney
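
The following is an added example, not part of the original post or of any browser's code. It illustrates the verification flaw the reply refers to, as publicly described for Bleichenbacher's Crypto'06 attack: a PKCS#1 v1.5 checker that parses the padded block but never confirms the hash is the last thing in it. It works on the already-decoded block (the RSA public-key step is omitted), and all function names and the sample block are constructed for illustration.

```python
import hashlib

# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
K = 128  # block length in bytes for the rsa1024 keys mentioned in the thread


def expected_em(msg: bytes, k: int = K) -> bytes:
    """Build the single valid EMSA-PKCS1-v1_5 block for msg."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_strict(em: bytes, msg: bytes, k: int = K) -> bool:
    """Hardened check: re-encode and compare, so every byte is pinned."""
    return len(em) == k and em == expected_em(msg, k)


def verify_lax(em: bytes, msg: bytes) -> bool:
    """Flawed check (hypothetical): walks the padding and reads the hash,
    but ignores padding length and anything that follows the hash."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if em[i:i + 1] != b"\x00":
        return False
    i += 1
    if em[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    return em[i:i + 20] == hashlib.sha1(msg).digest()  # trailing bytes unchecked


def constructed_malformed_em(msg: bytes, k: int = K) -> bytes:
    """Constructed test vector: short padding, hash not right-justified,
    filler bytes after the hash. A conforming verifier must reject it."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_PREFIX + hashlib.sha1(msg).digest()
    return head + b"\xaa" * (k - len(head))


if __name__ == "__main__":
    bad = constructed_malformed_em(b"hello")
    print("lax accepts malformed block:   ", verify_lax(bad, b"hello"))
    print("strict accepts malformed block:", verify_strict(bad, b"hello"))
```

A block like the constructed one is a useful regression test for any signature-verification code: the strict verifier must return false for it regardless of the public exponent in use.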

---------------------------------------------------------------------
The Cryptography Mailing List