[SSL Observatory] Using observatory data to check CAcert

[Ralph Holz]

Hi,

> I have not checked the CAcert database for the Debian SSL
> vulnerability, as that would've been non-trivial. There were scripts
> shipped with the SSL Observatory data, but I found them not easy to
> use, so I skipped that part. 

I would expect EFF to have done that as they did report on the number of
PRNG-flawed certificates in either their Defcon or 27C3 talk.

Anyway, I have scripts here to do that if you're interested. They're
mostly Python and PL/PGSQL (intended to run inside postgres). The real
surprise was actually to learn how the Debian packagers had computed
their blacklist hashes.

> I'd say that I'm quite satisfied with the reactions of CAcert. I always
> got fast replies to questions I had and the issues were resolved in a
> proper way. I have other points of criticism on the security of CAcert,
> the issue that bothers me most is that they still use SHA-1 and refuse
> to switch to a more secure hashing algorithm like SHA-512, although all
> major browsers have support for this since a long time.

I think this has also been discussed at Mozilla, with software
compability reasons cited as a problem (I think).

Anyway, people often take SHA1 to be broken. That, however, depends on
your point of view. You might say collisions at feasible computational
time mean the algorithm is broken. However, the state-of-the-art for
actual pre-image attacks is a much much higher boundary, and that's the
attack that is the real problem.

NIST is holding the SHA-3 competition. For the moment, it looks like we
won't have to rush and phase out SHA-1 right now, but *CRYPT conferences
can prove us wrong, of course.

Ralph

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110730/6ccc15e0/attachment.sig>