After this column of smoothtalk I certainly do not trust Calan or Verisign anymore.

Since mid-1990s MD5 is considered weak, in 2004 it was proven again by example and again in 2007 and 2008. Now Calan claims it takes much time to change from MD5. Sure, but not 15 years, not 10 years, nor 5 years. Unless you just wanted to wait for the old certificates to expire, not to start panicing the clients by an intermediate renewal! A renewal that could cost eighter Verisign or the clients huge money since Verisign willingly used a weak function.

And than the excuse for the RapidSSL situation: hello, you acquired them in 2006! Even if it is suffering a massive culture shock due to reorganizing: the situation remains that of not changing the very weak MD5 in the core business of signing in over two years, after at least two audits! Sure, Verisign/RapidSSL would replace it in January anyway. Somehow Calan, Verisign, RapidSSL all failed to mention this before. Now, too little too late, Calan realizes it is worth mentioning this phasing out of MD5 as part of a longterm plan. Let's not mention this a few months well in advance to our clients, since it is such a hughe change that must be prepared carfully! Part of the established processes for upgrading standards and technologies that are safe, reliable, and seamless to almost everyone involved, if everybody keeps silent about using a weak function untill then.

And (again!) critisizing the security team which proved the weakness of MD5... Shame on you! Calan, Verisign RapidSSL, all they did not have to know of any details about this weakness before the presentation. Why? Because MD5 should have been considered as weak for years! Calan, Verisign, RapidSSL all just rather gambled there would not be any significant impact before the turnaround that would take them years of risking their customers. Why I call it a risk? Since the public disclosure of an example does not mean criminals did not discover this earlier! And that is the next flaw in the smoothtalk of Calan: claiming they are fully confident that no malicious organization had the opportunity to use this information is far from security minded. First, these criminals would not need the information of the researchers. If researchers can think of this as an example, then for sure criminals can do this earlier. And why should they not be able to do this, nor after the presentation? The researchers mentiond they _guess_ it will take smart criminals a month if these criminals did not do any work in advance. The researchers are just guessing. And about that computerpower hordle: I guess Calan and Verisign did not ever hear of criminals owning hunderds of thousands of hijacked computers as part of botnets, far more powerfull then the gameconsoles used by the researchers.

My advice to Calan and Verisign: stop the smoothtalk, the blaming and start taking responsibility! For instance, SHA-1 is already considered weak! Why then not mentioning this and why then still switching to SHA-1 ?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/488/35295#35295