Uh oh, SSL! 200 PS3s gunning for you

Printable View

December 31st, 2008, 08:35 PM
phernandez

Uh oh, SSL! 200 PS3s gunning for you

Ah, the Playstation 3... Might be outsold by the Wii and Xbox 360, but it has been leading to some interesting IT diversions.

MD5 considered harmful today: Creating a rogue CA certificate

Quote:

Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

...A single attempt for constructing a chosen-prefix collision costs about a little more than a day. The first stage consisting of the birthday search is computationally the most expensive. Luckily it is also very suited for the special SPU cores of the Cell Processor that the Sony PlayStation 3 uses. We had about 200 PS3s at our disposal, located at the "PlayStation Lab" of Arjen Lenstra at EPFL, Lausanne, Switzerland (see the picture). The birthdaying takes about 18 hours on the 200 PS3s using 30GB of memory that was equally divided over the PS3s.

[via Engadget]
December 31st, 2008, 09:11 PM
Cheap Scotch Ron

I vaguely recall this exposure (MD5 collisions) publicized a few years ago. I guess someone finally implemented the theory. To mitigate the risk, you salt the key before encryption. Use a large salt sequence. That should make it practically "impossible"... at least for a little while. FYI.. VeriSign no longer uses MD5 for their checksum.

CSR
January 1st, 2009, 11:35 AM
nihil

The hardware side is certainly familiar:

Quote:

Game consoles use hardware specialized for the computational needs of the detailed 3D graphics in games. This hardware is also very suited for the basic arithmetic used in cryptographic algorithms and greatly outperforms general purpose computers on brute-force computations. We have found that one PlayStation 3 game console is equivalent to about 40 modern single core processors. The most computationally intensive part of our method required about 3 days of work with over 200 game consoles, which is equivalent to 32 years of computing on a typical desktop computer. Common graphic cards have been used by some for MD5 cryptanalysis as well.

GPU and game console processors are much better at this sort of thing than your general purpose PC processor.
January 3rd, 2009, 01:35 AM
oofki

Quote:

Originally Posted by nihil

GPU and game console processors are much better at this sort of thing than your general purpose PC processor.

Very true, that is because they are multi-threaded and still run at a high frequency. Last I checked some single core GPUS are capable of running 256 threads!
January 4th, 2009, 09:36 PM
Cheap Scotch Ron

related article...

http://www.tgdaily.com/html_tmp/cont...40806-108.html

I checked all my client certificates as well as the https sites I frequent. I didnt find any exposures.
I wonder how much of this is marketing tactics.
January 6th, 2009, 04:02 AM
t34b4g5

http://www.tomshardware.co.uk/Sony-P...ews-29961.html

Quote:

We alerted to this story some days ago but it's now official. Independent researchers Jacob Appelbaum and Alexander Sotirov, as well as computer scientists from the Centrum Wiskunde&Informatica, the Ecole Polytechnique Federale de Lausanne, the Eindhoven University of Technology and the University of California, Berkeley have successfully used 200 PS3's to break of one of the MD5 algorithms used in issuing security certificates for websites. Security certificates are used to confirm that a website is legitimate and not an attempt to mislead the visitor. Once the team broke though the algorithm, they were able to hack into the RapidSSL.com website. After this, the team was able to produce false security certificates that had identical MD5 hash values as legitimate certificates.

:drink: