[146515] in cryptography@c2.net mail archive
Re: [Cryptography] NSA and cryptanalysis
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Mon Sep 2 13:26:48 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <5223F959.1040204@echeque.com>
Date: Mon, 2 Sep 2013 07:21:25 -0400
To: jamesd@echeque.com
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sep 1, 2013, at 10:35 PM, James A. Donald wrote:
>> Meanwhile, on the authentication side, Stuxnet provided evidence that the secret community *does* have capabilities (to conduct collision attacks) beyond those known to the public - capabilities sufficient to produce fake Windows updates.
>
> Do we know they produced fake Windows updates without assistance from Microsoft?
For some version of "know". From http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/:

"Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.

The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate—an extremely sensitive cryptographic seal. Rogue intermediate certificate authorities that contained the stamp were then able to trick administrators and end users into trusting various Flame components by falsely certifying they were produced by Microsoft....

Based on the language in Microsoft's blog posts, it's impossible to rule out the possibility that at least one of the certificates revoked in the update was ... created using [previously reported] MD5 weaknesses [which allowed collision attacks]. Indeed, two of the underlying credentials used MD5, while the third used the more advanced SHA-1 algorithm. In a Frequently Asked Questions section of Microsoft Security Advisory (2718704), Microsoft's security team also said: "During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers." The advisory didn't elaborate."
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
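The practical check that follows from the Flame story above is to look at which hash each issuer actually used to sign every certificate in a chain, since a collision attack on the issuer's hash (MD5 in the Terminal Server licensing case) is what lets an attacker obtain a valid signature over a forged intermediate CA. The script below is an added example for this thread, not code from the thread, from Ars Technica or from Microsoft. It uses a minimal DER reader written here (assumption: well-formed DER with single-byte tags) and audits a constructed sample chain whose certificates are dummies built by the included encoder, not real Microsoft certificates; the labels and the SIG_ALGS table are the example's own.

```python
"""Audit the issuer signature algorithm of each certificate in an X.509 chain.

Added example, not from the mailing-list thread. Minimal DER reader (assumes
well-formed DER, single-byte tags); sample chain is constructed, not real.
"""

# OID -> (name, weak). MD5 and SHA-1 signatures are treated as weak because
# collisions against them let an attacker reuse an issuer's signature.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
}


def der_read_tlv(buf, pos):
    """Return (tag, contents, next_pos) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def der_decode_oid(contents):
    """Decode OBJECT IDENTIFIER contents to dotted form."""
    parts = [contents[0] // 40, contents[0] % 40]
    acc = 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            parts.append(acc)
            acc = 0
    return ".".join(str(p) for p in parts)


def cert_signature_oid(cert_der):
    """Dotted OID of the outer signatureAlgorithm of a DER Certificate.

    Certificate ::= SEQUENCE { tbsCertificate SEQUENCE (skipped),
        signatureAlgorithm SEQUENCE { OID, parameters }, signatureValue BIT STRING }
    The outer algorithm is the one the issuer used; that is the hash a
    collision attack targets.
    """
    tag, cert, _ = der_read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _, pos = der_read_tlv(cert, 0)            # skip tbsCertificate
    tag, alg_id, _ = der_read_tlv(cert, pos)     # signatureAlgorithm
    tag2, oid, _ = der_read_tlv(alg_id, 0)
    if tag != 0x30 or tag2 != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return der_decode_oid(oid)


def audit_chain(chain):
    """chain: [(label, der_bytes)] -> [(label, alg_name, weak)].

    weak is None for an OID not in SIG_ALGS so an unexpected algorithm is
    surfaced instead of silently accepted.
    """
    out = []
    for label, der in chain:
        oid = cert_signature_oid(der)
        name, weak = SIG_ALGS.get(oid, (oid, None))
        out.append((label, name, weak))
    return out


def weak_links(chain):
    """Labels whose issuer signature is weak or unrecognised."""
    return [lbl for lbl, _, weak in audit_chain(chain) if weak is not False]


# --- constructed sample data (encoder exists only to build the dummies) ---

def der_encode(tag, contents):
    n = len(contents)
    if n < 0x80:
        return bytes([tag, n]) + contents
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + contents


def der_encode_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([parts[0] * 40 + parts[1]])
    for arc in parts[2:]:
        digits = [arc & 0x7F]
        arc >>= 7
        while arc:
            digits.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(digits))
    return bytes(out)


def make_fake_cert(sig_oid):
    """Structurally valid Certificate shell with a dummy tbsCertificate."""
    tbs = der_encode(0x30, der_encode(0x02, b"\x02"))
    alg = der_encode(0x30, der_encode(0x06, der_encode_oid(sig_oid)) + der_encode(0x05, b""))
    sig = der_encode(0x03, b"\x00" + bytes(256))  # dummy 2048-bit signature
    return der_encode(0x30, tbs + alg + sig)


SAMPLE_CHAIN = [  # constructed; mirrors "two used MD5, the third SHA-1" loosely
    ("root", make_fake_cert("1.2.840.113549.1.1.11")),
    ("licensing-intermediate", make_fake_cert("1.2.840.113549.1.1.4")),
    ("code-signing-leaf", make_fake_cert("1.2.840.113549.1.1.5")),
]

if __name__ == "__main__":
    for label, name, weak in audit_chain(SAMPLE_CHAIN):
        status = {True: "WEAK", False: "ok", None: "UNKNOWN"}[weak]
        print(f"{label:24} {name:26} {status}")
```

A self-signed root's own signature is irrelevant to this attack (it is trusted by inclusion, not by signature), so in practice the lines worth acting on are the intermediates and leaves; the example still reports the root so the output shows the whole chain.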