PS3 Cluster Used in Attack of MD5 Cryptographic Vulnerabilities

Wednesday 31st December 2008, 06:27:00 AM, written by Carl Bender

Yesterday, at the Chaos Communication Congress in Berlin, a team of researchers presented a report documenting a successful attack on known weaknesses in the MD5 cryptographic hash function, one of the algorithms commonly used in signing and verifying the Certification Authority certificates that underpin secure Internet transactions. Running a series of MD5 collision/birthday attacks that depended on predicting the serial numbers the CA would assign next, the team timed their certificate purchases so that a previously constructed rogue CA certificate could be made to carry the target CA's genuine signature.

Such a rogue certificate allows its holder to set up dummy or imitation sites that register as "trusted" in every major browser in use today, defeating HTTPS/SSL as a barrier to the theft of sensitive personal and financial information. The team therefore deliberately crippled this particular certificate through the validity dates they assigned to it. The researchers are also, for the moment, withholding certain details of their implementation for publication at a later date, giving the industry time to respond to the MD5 situation in the interim. Verisign, for its part, reports that it has immediately stopped using MD5 for newly issued certificates, and other certification authorities are likely to follow shortly.
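For operators taking stock of their own certificate inventory after this disclosure, here is an added example (not part of the article or of the researchers' work): a minimal DER walker in Python that reads a certificate's signatureAlgorithm OID and flags md5WithRSAEncryption. The OIDs are the standard ones from RFC 3279 and RFC 4055; the input certificate is a constructed stub with a dummy tbsCertificate and signature, not a real certificate.

```python
# Added example, not from the article or the research team: a minimal DER walker that
# reads the signatureAlgorithm OID of an X.509 certificate and flags MD5-based signatures.
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}   # RFC 3279

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the length's byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Convert OBJECT IDENTIFIER content bytes to dotted-decimal form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear terminates a base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Return the OID of Certificate.signatureAlgorithm (2nd element of the outer SEQUENCE)."""
    tag, body, _ = read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _, pos = read_tlv(body, 0)          # skip tbsCertificate
    _, algid, _ = read_tlv(body, pos)      # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(algid, 0)       # its first element is the algorithm OID
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return decode_oid(oid)

def classify(cert_der):
    """Return ('WEAK', name) for an MD5-signed certificate, ('OK', oid) otherwise."""
    oid = signature_algorithm(cert_der)
    return ("WEAK", WEAK_SIG_OIDS[oid]) if oid in WEAK_SIG_OIDS else ("OK", oid)

def tlv(tag, value):
    """DER-encode one element, choosing short- or long-form length as needed."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

MD5_RSA_OID_DER = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_RSA_OID_DER = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11 (RFC 4055)
def build_stub_cert(sig_oid_der):
    """Constructed test input: Certificate-shaped DER with dummy tbsCertificate and signature."""
    tbs = tlv(0x30, b"\x00" * 200)         # padded so the outer length uses the long form
    algid = tlv(0x30, tlv(0x06, sig_oid_der) + b"\x05\x00")   # OID plus NULL parameters
    return tlv(0x30, tbs + algid + tlv(0x03, b"\x00" + b"\xff" * 16))
```

Against real certificates, feed the DER bytes (PEM base64-decoded) to `classify`; a "WEAK" result means the certificate's trust rests on exactly the hash this attack defeats.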

The full report on the MD5 vulnerability attack is viewable here.

In order to perform the computationally intensive collision operations the attack required, the team used the "Playstation Lab" at Arjen Lenstra's Laboratory for Cryptologic Algorithms in Switzerland, a cluster of 200 PS3 units. Well suited to cryptologic and other scientific workloads, clustered PS3 consoles have been adopted by many institutions as a relatively inexpensive way to build a Cell/SPE-based supercomputing environment, in lieu of costlier options such as traditional rack-mount HPC hardware or more transient options such as compute-time rental. Two weeks ago the University of Massachusetts Dartmouth published a guide for institutions and individuals who want to do the same but need help setting up the clustered environment.

