LAS VEGAS -- If Dan Kaminsky was humbled by the attack on his personal Web server revealed late Tuesday that exposed passwords, email messages and instant message chats to the world, you'd have to think the applause that greeted him upon the start of his session Wednesday at Black Hat USA 2009 would have perked up his spirits and ego.
However, Kaminsky, no worse for wear, spent 75 minutes Wednesday taking out his frustration on X.509 cryptography found in public key infrastructures (PKI), VeriSign, and the continued use of faulty hash algorithms such as MD5 and MD2 by certificate authorities. He revealed that through a simple alteration of the common name in an X.509 certificate, an attacker could trick the certificate authority into certifying the legitimacy of a malicious site.
While the session had hardly the same splash as Kaminsky's 2008 talk, which revealed details of his discovery of a critical vulnerability in DNS, the rant against X.509 drew a standing-room-only crowd several people deep.
Kaminsky, who has been advocating the use of DNSSEC (DNS Security Extensions) as a remedy for his cache-poisoning bug of a year ago, explained how he used a preimage attack against the old hash functions MD5 and MD2 to produce the common name output he desired in an X.509 certificate.
Not only has MD5 been repeatedly broken, most recently late last year by a group of researchers, and subsequently dropped by most certificate authorities, but Kaminsky said he learned that one of VeriSign Inc.'s core root certificates is self-signed with MD2. A VeriSign representative said that its certificates, as of May, are no longer signed with MD2 and have been reissued with SHA-1. VeriSign owns two of the Internet's 13 root servers and controls the .com domain. VeriSign has said it is working on signing the .com domain with DNSSEC some time in 2011.
Kaminsky shared his findings with browser vendors such as Mozilla Foundation, Apple Inc. and Microsoft, and other prominent vendors such as Red Hat Inc. and the OpenSSL Project, all of which have agreed to shut off MD2 hashes or are working toward eliminating MD2 use.
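The remedy the vendors agreed to is, in essence, to refuse trust in any certificate whose signature rests on MD2 or MD5. The script below is an added example, not code from the article, from Kaminsky, or from any of the vendors named; it shows how such a check can be made on a DER-encoded certificate with nothing but the standard library. It reads the outer Certificate SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue } and decodes the AlgorithmIdentifier OID; the OIDs themselves are the standard PKCS#1 values from RFC 3279 and RFC 4055. The two sample certificates are constructed stand-ins with an opaque tbsCertificate body and a dummy signature, built inline so the script runs offline; they are not real VeriSign or browser-shipped certificates.

```python
"""Flag X.509 certificates whose signature uses a broken hash (MD2/MD5).

Added example, not the article's or any vendor's code. The DER walker
below handles only what this check needs: the three top-level elements
of a Certificate and the OID inside the AlgorithmIdentifier.
"""

# PKCS#1 signature algorithm OIDs (RFC 3279 / RFC 4055).
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}
KNOWN_SIGNATURE_OIDS = dict(WEAK_SIGNATURE_OIDS, **{
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
})


def _read_tlv(data, pos):
    """Decode one DER tag-length-value at `pos`; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def _encode_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _encode_length(len(value)) + value


def decode_oid(raw):
    """Turn DER OID content octets into dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def encode_oid(dotted):
    """Inverse of decode_oid; used only to build the constructed samples."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def signature_algorithm(cert_der):
    """Return the dotted OID of the outer signatureAlgorithm of a DER certificate."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(body, 0)        # tbsCertificate, skipped
    tag, alg_id, _ = _read_tlv(body, pos)    # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid_bytes, _ = _read_tlv(alg_id, 0)  # OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("expected OID")
    return decode_oid(oid_bytes)


def check_certificate(cert_der):
    """Classify the certificate's signature hash: returns (oid, name, is_weak)."""
    oid = signature_algorithm(cert_der)
    return oid, KNOWN_SIGNATURE_OIDS.get(oid, "unknown"), oid in WEAK_SIGNATURE_OIDS


def make_sample_cert(sig_oid):
    """Constructed stand-in Certificate: opaque TBS, given sig alg, dummy signature."""
    tbs = _tlv(0x30, b"\x02\x01\x01")  # SEQUENCE { INTEGER 1 } as an opaque body
    alg = _tlv(0x30, _tlv(0x06, encode_oid(sig_oid)) + b"\x05\x00")  # OID + NULL
    sig = _tlv(0x03, b"\x00" + b"\xAA" * 32)  # BIT STRING, zero unused bits
    return _tlv(0x30, tbs + alg + sig)


# Constructed sample chain: a leaf signed with SHA-256, a root self-signed with MD2.
SAMPLE_CHAIN = {
    "leaf": make_sample_cert("1.2.840.113549.1.1.11"),
    "root": make_sample_cert("1.2.840.113549.1.1.2"),
}

if __name__ == "__main__":
    for name, der in SAMPLE_CHAIN.items():
        oid, alg, weak = check_certificate(der)
        print(f"{name}: {alg} ({oid}) {'WEAK - reject' if weak else 'ok'}")
```

Note that the check inspects only the outer signatureAlgorithm, which is what matters for a self-signed root like the one described above; a real validator should apply the same test to every certificate in the chain it is about to trust, and should treat an unrecognised OID as a reason to stop rather than to continue.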
"This will blow up and it will be bad," Kaminsky said. "When the MD2 attack happens, you will be able to log into any box you want."
Kaminsky, however, insisted there is no need for immediate panic, nor is there a rush for a mass patch, à la his DNS bug, because of the complexity required to pull off such an attack.