20081230: CA impacted by MD5 vulnerability

The MD5 hash algorithm has long been vulnerable to collision attacks. A group of researchers has demonstrated how to use this flaw to substitute one X.509 certificate for another, obtaining a rogue sub-CA able to sign certificates that browsers accept as genuine. http://www.win.tue.nl/hashclash/rogue-ca/

The researchers exploited this vulnerability against a certification authority issuing 1-factor certificates (Why are Domain-validated certificates dangerous?). Because issuance was automated, they were able to predict the serial numbers and validity periods of the certificates that would be issued.

Thankfully, the serious certification authorities stopped using MD5 as their hash algorithm a long time ago; SHA1 is now the standard. None of the certificates delivered by TBS INTERNET uses MD5, except ChamberSign certificates (which will use SHA1 as of September 2009).

The security of the SSL protocol and of certificates in general is not called into question by this research result.

A few days ago, in December 2008, TBS INTERNET announced the introduction of SHA256-signed certificates; SHA256 is one of the SHA2 family of hash algorithms, for which no practical attack is currently known (SHA256-signed certificates).

We informed the customers concerned that they held an MD5-signed certificate and offered them a free SHA1-signed certificate as a replacement.

Incident follow-up: http://www.kb.cert.org/vuls/id/836068

How to check the signature algorithm of a certificate?

In Firefox, open a secured website (https). Double-click the padlock. In the popup that appears, open the "Security" tab and click "View certificate". Open the "Details" tab and look for "Certificate signature algorithm": the value will be either MD5 or SHA1.

Or: open your certificate status page, click "Check your certificate" and look for "Signature Algorithm" on the result page.
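The same field can be read without a browser. The script below is an added example, not code from the original page or from TBS INTERNET: it walks the DER structure of a certificate just far enough to read the outer signatureAlgorithm OID, maps it to a name, and also compares it with the signature field inside the TBSCertificate, which RFC 5280 requires to be identical. The OID table, the status labels and the constructed sample certificate (a skeleton with no real key or signature) are assumptions of the example.

```python
import base64

# OID -> name table for common signature algorithms (values from RFC 3279/4055/5754).
# This table and everything below is an added example, not TBS INTERNET's own code.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"


def _read_tlv(buf, pos):
    """Parse one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length (real certificates need this)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Decode DER OID content octets into dotted form (first octet packs two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _algorithm_oid(alg_id):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def _tbs_signature_oid(tbs):
    """Skip the optional [0] version and the serialNumber, return the inner signature OID."""
    tag, _, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                        # explicit [0] version is present
        tag, _, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("expected serialNumber INTEGER in TBSCertificate")
    tag, alg_id, _ = _read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("expected signature AlgorithmIdentifier in TBSCertificate")
    return _algorithm_oid(alg_id)


def load_certificate(data):
    """Accept PEM or DER bytes and return DER."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        body = b"".join(ln for ln in data.splitlines() if ln and not ln.startswith(b"-----"))
        return base64.b64decode(body)
    return data


def check_certificate(der):
    """Report the outer signature algorithm, whether it matches the TBS field, and a status."""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("input is not a DER Certificate")
    _, tbs, pos = _read_tlv(cert, 0)       # tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)    # signatureAlgorithm (signatureValue follows it)
    outer, inner = _algorithm_oid(alg_id), _tbs_signature_oid(tbs)
    name = SIGNATURE_OIDS.get(outer, outer)
    if name == "md5WithRSAEncryption":
        status = "broken: MD5 collision attacks are practical"
    elif name == "sha1WithRSAEncryption":
        status = "deprecated: SHA1 was the standard when this page was written; use SHA2"
    elif outer in SIGNATURE_OIDS:
        status = "ok"
    else:
        status = "unknown algorithm"
    return {"signature_algorithm": name, "oid": outer,
            "consistent": outer == inner,  # RFC 5280 4.1.1.2: the two fields must be equal
            "status": status}


# --- constructed sample data (no real key or signature), only to exercise the check ---
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length is enough for these samples


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk, arc = [arc & 0x7F], arc >> 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def build_sample_certificate(oid, inner_oid=None):
    """Minimal Certificate skeleton: version, serial, both AlgorithmIdentifiers, dummy BIT STRING."""
    alg = lambda o: _tlv(0x30, _tlv(0x06, _encode_oid(o)) + _tlv(0x05, b""))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + alg(inner_oid or oid))
    return _tlv(0x30, tbs + alg(oid) + _tlv(0x03, b"\x00\xab\xcd"))


if __name__ == "__main__":
    import sys
    der = (load_certificate(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1
           else build_sample_certificate(MD5_WITH_RSA))
    print(check_certificate(der))
```

Run it with the path of a PEM or DER certificate file to inspect a real certificate; with no argument it checks the constructed MD5 sample. The same value appears as "Signature Algorithm" in the output of `openssl x509 -in cert.pem -noout -text`. The consistency check matters because a verifier that trusts the outer, unsigned algorithm field instead of the one covered by the signature can be steered toward the weaker algorithm.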

2011 04 15: Mozilla Foundation urges Certification Authorities to abandon MD5

The Mozilla Foundation wants certification authorities (CAs) to comply with the new certificate standard.
This new standard is currently being defined by the "CA/Browser Forum" (Version 1.0 Draft 30b: Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates).
Mozilla is putting pressure on the certification authorities by announcing that as of June 30, 2011, Mozilla software will no longer accept MD5-signed certificates (see the security issue described above).

Since 2009, TBS INTERNET has not issued a single certificate using MD5.