Question
Suppose you have an Internet banking site based on a secure web server running the HTTPS protocol via port 443.
The server authenticates itself to clients through an X.509 certificate signed by a CA. The signature is constructed by using RSA encryption of the MD5 hash of the certificate content. The key used for the encryption is a 512-bit private key of the CA.
What are the most obvious weaknesses in such a "setup"? I thought the use of MD5 for integrity would be a weak point as MD5 has been broken. But since it's encrypted with RSA using a 512-bit private key, I guess the MD5 can't really be manipulated?
Explanation / Answer
There are two big weaknesses in what you describe -- and one source of confusion.
The source of confusion is that you are talking about "encryption with the private key" which is a flawed analogy. Really, this is a digital signature. Historically, digital signatures with RSA were first explained as "encryption with the private key", but this proves only confusing because such an explanation conjures images of confidential data, which do not apply to this case. Moreover, it is wrong: standard-compliant RSA signatures (as per PKCS#1) are not "encryption with the private key".
In the situation you describe, the weakness that the examiner expects (I assume this is homework) is that MD5 is weak against collisions; this would allow an attacker to craft a pair of certificate contents, one with his name, the other with the name of the bank site, such that they both hash to the same value. He would then get a certificate for the first case (legitimately) and then use the resulting signature on the second certificate. See this page for a demonstration and a lot of explanations (read it!). The important conceptual point here is that the MD5 hash value can be predicted by the attacker since everything which enters MD5 is known -- thus, thinking about it in terms of "MD5 value was encrypted" triggers exactly the wrong ideas.
The other glaring weakness is that 512-bit RSA is weak. A 512-bit RSA key was broken back in 1999. Several other similarly-sized keys have been broken since; in one case (in 2012), this was done with open-source software and $75 worth of rented cloud-based CPU.
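The point that the signature binds only the digest, and that the digest is computable by anyone, can be checked with a short script. This is an added example, not part of the original answer: the RSA key is a constructed toy key, the digest encoding is simplified rather than PKCS#1, MD5 truncated to 24 bits stands in for a hash with feasible collisions, and the certificate bodies and `.example` names are made up.

```python
import hashlib
from itertools import count

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def weak_hash(data: bytes) -> bytes:
    """Stand-in for a hash with feasible collisions: MD5 cut down to 24 bits."""
    return hashlib.md5(data).digest()[:3]

def strong_hash(data: bytes) -> bytes:
    """SHA-256, truncated to 24 bytes only so the value fits the toy modulus."""
    return hashlib.sha256(data).digest()[:24]

def encode(digest: bytes) -> int:
    """Simplified encoding of the digest (not the PKCS#1 padding)."""
    return int.from_bytes(b"\x01" + digest, "big")

def sign(body: bytes, hash_fn) -> int:
    """CA side: the private-key operation sees the digest, never the body."""
    return pow(encode(hash_fn(body)), D, N)

def verify(body: bytes, sig: int, hash_fn) -> bool:
    """Client side: recompute the digest from public data and compare."""
    return pow(sig, E, N) == encode(hash_fn(body))

def find_colliding_bodies(hash_fn):
    """Search without any key for two bodies, different subjects, same digest."""
    table = {}
    for i in range(1 << 13):
        body = f"CN=applicant.example;pad={i}".encode()
        table[hash_fn(body)] = body
    for i in count():
        bank = f"CN=bank.example;pad={i}".encode()
        if hash_fn(bank) in table:
            return table[hash_fn(bank)], bank

def demo():
    requested, swapped = find_colliding_bodies(weak_hash)
    sig_weak = sign(requested, weak_hash)      # CA signs only the requested body
    sig_strong = sign(requested, strong_hash)
    return (verify(swapped, sig_weak, weak_hash),      # signature carries over
            verify(swapped, sig_strong, strong_hash),  # rejected
            verify(requested, sig_strong, strong_hash))

if __name__ == "__main__":
    print(demo())
```

The private key is never used in the collision search, which is why the RSA step adds nothing to the hash's collision resistance; a CA signing with a collision-resistant hash closes this gap, while the key size is a separate problem.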