DigiCert QuoVadis

News and Events

QuoVadis SSL not affected by MD5 Collision Attack
5 Jan 2009

Last week at the Chaos Communication Congress in Berlin, researchers outlined an attack that combined substantial computing power with a collision vulnerability in the MD5 algorithm to create a false SSL certificate using the RapidSSL brand of certificates.

QuoVadis SSL certificates are not affected by this attack. Previous studies between 2004 and 2007 had identified weaknesses with MD5, whose use has been discontinued by most CAs. QuoVadis uses the combination of SHA-1 With RSA Encryption, and has procedures in place to step to different key sizes and algorithms (such as SHA-2) as required.

This attack does not compromise the overall use of digital certificates and signatures when secure cryptographic hash functions are used. Although the attack only affects certificates created using MD5 under certain conditions, websites using certificates with MD5 With RSA Encryption should consider getting a replacement SSL.

The authors of the study point out that Extended Validation certificates as a group disallow the use of MD5.

For more guidance on the MD5 Collision attack, view:

  • Microsoft issued a Security Advisory (961509): "Research proves feasibility of collision attacks against MD5", and a Microsoft Technet blog item “Information regarding MD5 collisions problem”.
  • Mozilla has a short item in the "Mozilla Security Blog": "MD5 Weaknesses Could Lead to Certificate Forgery".
  • US-CERT, the US Department of Homeland Security's Computer Emergency Readiness Team, published Vulnerability Note VU#836068: "MD5 vulnerable to collision attacks" which states:
    • "Do not use the MD5 algorithm:  Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use."
    • "Scrutinize SSL certificates signed by certificates using the MD5 algorithm:  Users may wish to manually analyze the properties of web site certificates (...) Certificates listed as md5RSA or similar are affected. Such certificates that include strange or suspicious fields or other anomalies may be fraudulent. Because there are no reliable signs of tampering it must be noted that this workaround is error-prone and impractical for most users."