Full Disclosure mailing list archives
Re: Creating a rogue CA certificate
From: Valdis.Kletnieks () vt edu
Date: Tue, 30 Dec 2008 19:02:44 -0500
On Tue, 30 Dec 2008 15:29:54 PST, chort said:
> Assuming source code, or even full attack details, are published any time soon
http://www.win.tue.nl/hashclash/rogue-ca/ had reasonably complete details, at least enough to make obviously clear that this is one attack that will *not* make it into metasploit (which makes it pretty obvious that n3td3v did not in fact read and comprehend that URL before commenting).

About the only part that isn't spelled out is in section 5.3.4: "However, some crucial improvements to this method have been developed that made the present application possible. Details of those improvements will be published in a forthcoming academic paper."

And if you don't have a room full of PS3s, the FAQ at the bottom helpfully tells you that the attack needed the equivalent of 32 CPU-years inside a 3-day window, which tells you a 4,000 node botnet could probably work (again, outside the feature list for metasploit). Presumably, a larger botnet would allow a BFI attack that lacked the "crucial improvements".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
