MARCH 8, 2012
SSL Key Generation Weaknesses
By Carl Livitt
The Impact
If an adversary were able to calculate the secrets for
an SSL certificate, they would be able to create a
duplicate of that certificate. With a duplicate it would
be possible to achieve these goals:
- Decrypt any data that was encrypted using the compromised certificates
- Impersonate any system that used the certificate as a form of authentication
- Tamper with encrypted data in transit
- Modify encrypted data at rest
Next Steps
It is almost inevitable that tools will be released to
exploit this situation. For example, weaknesses in
Windows password hashing algorithms led to the
release of L0phtcrack; similarly, weaknesses in Wi-Fi
WEP encryption led to the release of AirCrack,
NetStumbler, and many other cracking tools.
It would be prudent to anticipate such tools and
attacks, and prepare systems in advance. The
following steps are highly recommended:
- Establish a plan and policy to regularly review
Additional Resources
- OWASP Testing SSL-TLS
- OWASP Transport Layer Protection Cheat Sheet
- SSLScan Fast SSL Scanner
- Penetration Tester Scripting SSL Tests
Copyright 2013 Bishop Fox