MD5 Collisions and Hard Decisions
I’m sure all of you are aware of the MD5 collision research that was revealed a few weeks ago at 25C3. Very interesting research to say the least and their paper is definitely worth the read, bonus points for using the cluster of PS3s.
But, everyone else in the world has blogged about the fallout from that. And there has been some talk about revoking the affected root CA from Internet Explorer/Firefox, but Firefox 2.x doesn’t support that and neither does IE 6, and the certificate has a blank URL for revocation anyways. While the research was interesting I’m sure thats been discussed enough and I’m a lot more interested in the aftermath. This is especially true since there have been know collisions with MD5 for quite a while now, this was really just a bunch of really smart guys pointing out what a lot of people forgot that they knew, and how cheaply they could do it.
There was talk about this on the DailyDave mailing list, about how security is about making the hard decisions, and I think it’s worth thinking about this in a control system context. At what point does a service or interface to control system have to be disabled due to security concerns, or a secure protocol is cracked? Who controls the services/interfaces between your SCADA network and your corporate network (and the hopefully non existant interface between SCADA and internet)? If your Historian has an unpatched vulnerability disclosed is that enough to remove access to it? Published exploit? Worm? Is there ever a case where you would remove access to it?
Making the right decisions in situations like these is critical, but knowing who makes those decisions and more importantly, how those decisions are going to be put into action is just as important and often an afterthought that causes a lot of problems. Think of it as a fire escape plan for your software, do you have one?
Author: Daniel Peck
Posted: January 12th, 2009 under Big Picture, Calculating Risk, Vulnerability Disclosure.
Comments: 1
Comments
Comment from Éireann Leverett
Time: January 13, 2009, 7:39 am
I have personally pursued a walk-but-don’t-run policy away from MD5 for years. I found every opportunity to replace it, or ensure it wasn’t chosen during the design of new functionality. I ruffled a lot of feathers, and many people still probably think that exercise was pointless (since they don’t follow cryptography news). However, I KNEW when I read the paper on implementing those collisions that I had made the right choices. Luckily, I am concerned with development and not deployment, so I don’t have to make that hard decision today. If you are making it now, my sympathies are with you.
My suggestion is that we push vendors (yes, like mine) to disclose their crypto stack. This covers a couple things:
1) People who are using non-standard/undicslosed encryption are identified. (Wasn’t weak authentication one of Rita Wells top list?)
2) Identify how far along their app-sec program is: If they think it needs to be kept secret you know you have a problem.
3) You know what crypto news you need to be following for your deployment, and can ask for upgrades ahead of time.
Let’s face it, MD5 didn’t suddenly break…we’ve been watching it unravel for years. If you knew that it was in the product when you bought it, you’d be one step ahead of this game already.
So ask-before-you-buy!
Write a comment