Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC by Dan Goodin.
From the post:
If you thought MD5 was banished from HTTPS encryption, you’d be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, is still widely used in the transport layer security protocol that underpins HTTPS. Now, researchers have devised a series of attacks that exploit the weaknesses to break or degrade key protections provided not only by HTTPS but also other encryption protocols, including Internet Protocol Security and secure shell.
The attacks have been dubbed SLOTH—short for security losses from obsolete and truncated transcript hashes. The name is also a not-so-subtle rebuke of the collective laziness of the community that maintains crucial security regimens forming a cornerstone of Internet security. And if the criticism seems harsh, consider this: MD5-based signatures weren’t introduced in TLS until version 1.2, which was released in 2008. That was the same year researchers exploited cryptographic weaknesses in MD5 that allowed them to spoof valid HTTPS certificates for any domain they wanted. Although SHA1 is considerably more resistant to so-called cryptographic collision attacks, it too is considered to be at least theoretically broken. (MD5 signatures were subsequently banned in TLS certificates but not other key aspects of the protocol.)
“Notably, we have found a number of unsafe uses of MD5 in various Internet protocols, yielding exploitable chosen-prefix and generic collision attacks,” the researchers wrote in a technical paper scheduled to be discussed Wednesday at the Real World Cryptography Conference 2016 in Stanford, California. “We also found several unsafe uses of SHA1 that will become dangerous when more efficient collision-finding algorithms for SHA1 are discovered.”
…
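The quoted passage says the attacks exploit obsolete and truncated transcript hashes. The following is an added illustration of the "truncated" half of that, not code from Ars Technica or from the SLOTH researchers: a birthday search that finds two distinct handshake transcripts whose truncated MD5 digests agree, and a toy "signature" that covers only the truncated hash and therefore verifies for both. The 32-bit truncation, the transcript strings and the HMAC stand-in for a handshake signature are all constructed for this example and do not reproduce any real TLS, IPsec or SSH field length or encoding.

```python
import hashlib
import hmac

# Constructed parameter: truncate to 32 bits so the birthday search finishes
# in well under a second. Real protocols truncate less aggressively, but the
# cost of a generic collision is always about 2**(bits/2) hash evaluations.
TRUNC_BITS = 32


def truncated_hash(transcript: bytes, bits: int = TRUNC_BITS) -> bytes:
    """MD5 the transcript and keep only the leading `bits` bits (bits % 8 == 0)."""
    return hashlib.md5(transcript).digest()[: bits // 8]


def find_truncated_collision(prefix: bytes, bits: int = TRUNC_BITS,
                             limit: int = 1_000_000):
    """Birthday attack: return two different transcripts that share `prefix`
    and have identical truncated hashes. Deterministic, so repeated runs
    return the same pair."""
    seen = {}
    for counter in range(limit):
        candidate = prefix + b"|client_random=" + str(counter).encode()
        tag = truncated_hash(candidate, bits)
        if tag in seen:
            return seen[tag], candidate
        seen[tag] = candidate
    raise RuntimeError("no collision within limit")


def sign_transcript(key: bytes, transcript: bytes, bits: int = TRUNC_BITS) -> bytes:
    """Toy signature (assumption: an HMAC stands in for the handshake signature).
    The point is that it binds only the truncated hash, not the transcript."""
    return hmac.new(key, truncated_hash(transcript, bits), hashlib.sha256).digest()


def verify_transcript(key: bytes, transcript: bytes, sig: bytes,
                      bits: int = TRUNC_BITS) -> bool:
    return hmac.compare_digest(sign_transcript(key, transcript, bits), sig)


def demo():
    """Sign one transcript, then show the colliding transcript verifies too.
    Returns (transcripts differ, full MD5 differs, forged transcript verifies)."""
    key = b"constructed-signing-key"
    prefix = b"ClientHello:TLS1.2;ServerHello:constructed-handshake"
    t1, t2 = find_truncated_collision(prefix)
    sig = sign_transcript(key, t1)
    return (t1 != t2,
            truncated_hash(t1, 128) != truncated_hash(t2, 128),
            verify_transcript(key, t2, sig))


if __name__ == "__main__":
    print(demo())  # expected (True, True, True)
```

Running `demo()` shows that the two transcripts are different, that their full 128-bit MD5 digests are different, and that the signature computed over the first one nevertheless verifies for the second. Widening the truncation to the full digest makes the birthday search infeasible, which is why the practical answer is a full-length, collision-resistant hash rather than a longer prefix of a broken one.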
Dan’s final sentence touches on the main reason for cyberinsecurity:
The findings generate yet another compelling reason why technical architects should wean themselves off the SHA1 and MD5 functions, even if it generates short-term pain for people who still use older hardware that isn’t capable of using newer, more secure algorithms.
What kind of pain?
Economic pain.
Amazing that owners of older hardware are allowed to endanger everyone who runs newer hardware.
At least until you realize that no cybersecurity discussion starts with one source of cybersecurity problems: bugs in software.
Increasing penalties for cybercrime isn’t going to decrease the rate of software bugs that make cybercrime possible.
Incentives for the production of better written and tested code, an option heretofore not explored, might. With enough incentive, even the sloth that leads to software bugs might be reduced, but I would not hold my breath.