Verisign’s SSL scheme hacked

A group of researchers from Berkeley, have claimed that they have been successful in hacking the SSL scheme used by Verisign for securing Web sites.  The researchers claim that they used flaw in hashing algorithm to create fake digital certificates for Web sites. Interestingly the hacking was done using a farm of Sony Playstation-3 systems.

verisign ssl encryption
verisign ssl encryption

The researchers indicated that they had exploited a bug in the MD5 hashing algorithm used to create some of the digital certificates used by Web sites to prove they are what they claim to be. By taking advantage of the known flaws and caveats in the algorithm, they were able to hack VeriSign Inc.’s RapidSSL.com certificate authority site and create fake digital certificates for any Web site on the Internet.

The Playstation farm was used to set up a fake Certification Authority for issuing bogus certificates. The Playstation’s Cell processor is popular with code breakers because it is particularly good at performing cryptographic functions.

Cryptographers have been gradually chipping away at the security of MD5 since 2004, when a team lead by Shandong University’s Wang Xiaoyun demonstrated flaws in the algorithm.

Story copyright 2008 International Data Group (IDG). All rights reserved.