25C3: Severe Vulnerabilities in SSL and SSH
The last day of the four-day 25C3 congress in Berlin ended with an edge of suspense. In keeping with the theme of the congress, speakers had "nothing to hide" about well-known and new vulnerabilities in two of the most important Internet security protocols, SSH and SSL.
The presentation by Luciano Bello und Maximiliano Bertacchini covered the pseudorandom number generator (PRNG) vulnerability that had plagued Debian the middle of 2008. The two Argentineans once again worked the vulnerability and concluded emphatically that the problem affects not only Debian server admins, but all system admins whose hosts had at one time used Debian to create certificates. Furthermore, the problem affects not just SSH, but GnuPG-signed data and SSL certificates created with libssl.
The speakers ended with an arcane rundown on how theoretical weaknesses in the MD5 hash function could have serious practical consequences. An international team assembled by Hackerspace activist Jacob Appelbaum had identified how a complete root certificate can be generated that all web browsers would unfortunately accept.
The team was looking for an SSL found in current browsers that uses the MD5 hash function, even though MD5 (dating from 1991) "has been broken" since 2004 and caused further vulnerabilities in 2007. The rogue Certification Authority (CA) they could produce had the same hash fingerprint as its originator, which experts call a collision. The collision allows modification via a calculation of a limited number of bytes. The team used a cluster of 200 Playstation 3 machines outfitted with Cell processors and spent three days simulating the collisions. (The alternative would have been running on an Amazon EC2 at a cost of about $20,000.)
The researchers and developers registered a domain and allowed a CA to generate a legitimate SSL certificate by using the old MD5 hash. They then created a collision that produced a sub-certificate and by some scripting and good luck found a certificate with a requested serial number and a defined timestamp (both being required for the attack). Within four weekends they had the rogue SSL certificates they wanted, at a cost of under $1,000.
If a man-in-the-middle attacker could divert the SSL-secured connection and present his own certificate, signed by the falsified sub-certificate, instead of the one requested by the server, no browser would have a chance to recognize the manipulation. These kinds of attacks could pose a serious threat, for example, to e-banking applications with SSL-secured IMAP servers or that run over SSL VPNs. Because the discovers of the attacks don't want to reveal the certificates, there's only a brief window in which browser makers, CAs, and finally users can update their applications.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News
-
OpenMandriva Lx 6.0 Available for Installation
The latest release of OpenMandriva has arrived with a new kernel, an updated Plasma desktop, and a server edition.
-
TrueNAS 25.04 Arrives with Thousands of Changes
One of the most popular Linux-based NAS solutions has rolled out the latest edition, based on Ubuntu 25.04.
-
Fedora 42 Available with Two New Spins
The latest release from the Fedora Project includes the usual updates, a new kernel, an official KDE Plasma spin, and a new System76 spin.
-
So Long, ArcoLinux
The ArcoLinux distribution is the latest Linux distribution to shut down.
-
What Open Source Pros Look for in a Job Role
Learn what professionals in technical and non-technical roles say is most important when seeking a new position.
-
Asahi Linux Runs into Issues with M4 Support
Due to Apple Silicon changes, the Asahi Linux project is at odds with adding support for the M4 chips.
-
Plasma 6.3.4 Now Available
Although not a major release, Plasma 6.3.4 does fix some bugs and offer a subtle change for the Plasma sidebar.
-
Linux Kernel 6.15 First Release Candidate Now Available
Linux Torvalds has announced that the release candidate for the final release of the Linux 6.15 series is now available.
-
Akamai Will Host kernel.org
The organization dedicated to cloud-based solutions has agreed to host kernel.org to deliver long-term stability for the development team.
-
Linux Kernel 6.14 Released
The latest Linux kernel has arrived with extra Rust support and more.