Posts tagged with "md5"


SHA-3

Icon from the Tango Desktop Project

In 2007, it seemed all we read about in crypto circles were successful attacks against the MD5 and SHA family of hashing algorithms. Well, after a six-year contest, NIST is about ready to announce a suitable replacement, to be dubbed SHA-3.

Interestingly, Bruce Schneier isn't so enthusiastic:

It's not that the new hash functions aren't any good, it's that we don't really need one. [..] We didn't know [in 2006] how long the various SHA-2 variants would remain secure. But it's 2012, and SHA-512 is still looking good.

That said, Skein and its Threefish block cipher look really intriguing. I eschewed Rijndael/AES and use Twofish for all my personal crypto.


My feedback for Security Now 181

My feedback regarding the latest episode of Security Now:

To whomever Gibsons and Laportes this may concern,

I'm not Bill Kurtis.

I thought I'd just throw a message over to you guys to clarify one point that was raised on Security Now Episode 181 "Crypto Rehash".

Steve, you commented that you failed to see the point of putting MD5 or SHA hashes on websites that offered downloads given that if a website was compromised the hash could easily be changed as well. I must admit I had never thought of it that way myself either; I had a hearty chuckle on the train along with you guys much to the bewilderment of my fellow commuters!

I would comment though that I was under the impression that hashes under download links are not provided for the purposes of verifying that a file hasn't been tampered with for security reasons, but are instead provided so you can verify that the downloaded file was received intact. As a FreeBSD user I download ISO images and regularly use the hashes to verify that the finished download wasn't corrupted while downloading before I burn a coaster with one. Not sure if this is really necessary, but it has alerted me to a couple of failed downloads in the past.

Thanks for the great show and all the effort and preparation you put into each one.

Most humbly and securely yours,
Ruben Schade in A Little Street in Singapore

--------------------------
THIS MESSAGE HAS BEEN SCANNED WITH SUPER AWESOME VIRUS SCANNER 2009. IT WILL SELF DESTRUCT IF DELETED.


Hong Kong Post Office uses SHA1 not MD5

Hong Kong Post Office

It's official, folks: the Hong Kong Post Office certificate registrar uses the secure SHA1 hash algorithm, not the now-vulnerable MD5. Security Now in-joke :-)

For what it's worth, the official title for the Hong Kong government is sure a mouthful isn't it? And here I was thinking the various Australian government departments had unnecessarily long and complicated names!


Protect yourself against MD5 certificates

SSL Blacklist showing that Gmail doesn't use the vulnerable MD5 algorithm, and that its certificate issuer isn't on their blacklist.

I'm typing this post this evening on my beautiful 2002-vintage iBook with Mac OS X Tiger. Still going strong, definitely the most reliable and dependable system I've ever owned.

To be serious now though: it's official, folks, there is now awareness of the weaknesses in the MD5 algorithm used to sign secure certificates online. Sites that use the more secure SHA1 algorithm are safer, and RapidSSL is now offering it in place of MD5. Still, some certificates are still signed with MD5, meaning if you connect to a site using one you're not really getting a secured connection.

From CodeFromThe70s.org:

An attack was demonstrated yesterday that highlights the practicality of the well-publicized weaknesses of the MD5 algorithm. Essentially, any certificate signed with the MD5 algorithm may be counterfeit.

There is [...] a large number of CAs out there, and it is certain that some of them will continue to use MD5 for one reason or another.

Therefore it may be prudent to avoid, or, at the very least, not place much trust in websites that authenticate themselves with the help of MD5. After all, there is no way to automatically distinguish between a chain with a genuine MD5-based certificate signature and a chain with a counterfeit certificate.

A solution to this is a Mozilla Firefox plugin called SSL Blacklist, which places a small certificate notice in the bottom right-hand corner of your browser indicating whether the page's certificate is signed with SHA1 or with insecure MD5. This lets you make informed decisions when using secured sites, and lets you tell web hosts that still use MD5 that they should upgrade.
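As an added illustration of the check the plugin performs (this is example code, not the SSL Blacklist plugin's own, nor anything from the quoted post), here is a small Python routine that reads the outer signatureAlgorithm OID of a DER-encoded X.509 certificate and flags MD5-based signatures. The sample certificates are constructed skeletons; a real leaf certificate from `ssl.SSLSocket.getpeercert(binary_form=True)` would be fed to `signature_algorithm()` the same way, and the "broken"/"deprecated"/"ok" verdicts are labels chosen for this example.

```python
# Added example, not the SSL Blacklist plugin's code: flag the signatureAlgorithm of a DER X.509 cert.
SIG_ALGS = {  # OIDs from RFC 3279 / RFC 4055; the verdicts are this example's own labels
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "deprecated"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "ok"),
}

def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value: bytes) -> str:
    """Convert DER OID content octets to dotted-decimal form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:  # base-128 arcs; high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der_cert: bytes):
    """Return (oid, name, verdict) for Certificate.signatureAlgorithm."""
    tag, cert, _ = read_tlv(der_cert, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert, 0)            # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)       # AlgorithmIdentifier SEQUENCE
    tag, oid_bytes, _ = read_tlv(alg_id, 0)  # its first element is the OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    oid = decode_oid(oid_bytes)
    return (oid,) + SIG_ALGS.get(oid, ("unknown", "unknown"))

def sample_cert(sig_oid: bytes) -> bytes:
    """Constructed minimal Certificate skeleton around the given signature OID."""
    tbs = b"\x30\x03\x02\x01\x02"            # stand-in tbsCertificate: SEQUENCE { INTEGER 2 }
    alg_body = b"\x06" + bytes([len(sig_oid)]) + sig_oid + b"\x05\x00"  # OID + NULL params
    alg = b"\x30" + bytes([len(alg_body)]) + alg_body
    body = tbs + alg + b"\x03\x02\x00\xaa"   # placeholder BIT STRING signatureValue
    return b"\x30" + bytes([len(body)]) + body

MD5_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
```

Only the outer signatureAlgorithm is inspected here; a full check would walk every certificate in the chain, since a counterfeit intermediate is exactly what the demonstrated attack produced.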

Even before this vulnerability was demonstrated, this plugin was a useful addition to the security-conscious internet user's toolkit, but this latest release makes it indispensable. In other words, if you don't have it, grab it now! This is an order!

UPDATE: Steve Gibson also goes into great detail about the exploit and the plugin to protect yourself in Security Now 177.