This is absolutely huge and devastating news. A weakness in the MD5 hashing algorithm presented today allows for spoofing hashes by creating a “collision”, i.e. a different message that hashes to the same thing as a target message. What does that mean to you and me? It means that this weakness can allow SSL certificates to be forged that will be recognized as valid by your browser. This is a “holy crap” moment for everyone that depends on these, such as, say, anyone who does banking online or ever uses a credit card online. Also excreting bricks, I’m sure, is Verisign, who rakes in large amounts of money by minting these certificates.
It’s a shame this came out during the holidays because I have coworkers who spend all their time thinking about and working on these kinds of issues. I’m looking forward to talking about it with them on Monday. For now, I’m curious how quickly certificates can be reissued with non-broken hashes.
Update: My second paragraph doesn’t make much sense. Rereading the abstract, it seems like the worst risk here is that phishing sites will forge SSL certs that verify, and state that they are the organization they are impersonating. So, you follow a phishing link and when you click the lock icon, it says that it is from Bank of America, or whoever. The risk is not in existing certificates; the risk is that new ones can be forged at will.
In comments, Andrew links to Verisign’s response. As I read their response, it is all about the security of currently issued certs, and does not address the future where validity of a cert can no longer be treated as validity of the site. I wonder if the next step is for Mozilla and IE to explicitly deprecate all certs that use an MD5 hash and only validate fully if SHA-1 is used? I’m not sure at this point what the remediation is. After sleeping on it, it still seems huge.
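The remediation floated above, a client refusing to fully trust certificates signed with MD5, comes down to reading the signatureAlgorithm field of each cert in the chain and comparing its OID against a deny list. The following is an added example written for this post, not code from the post, from Verisign, or from any browser vendor. It walks the outer DER structure of an X.509 certificate (SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }) with a minimal TLV reader, decodes the algorithm OID, and flags md5WithRSAEncryption. The `make_stub_cert` helper builds a constructed stand-in that has the right outer shape but is not a real certificate; the OID constants are the standard RSA signature-algorithm identifiers from RFC 3279 and RFC 4055.

```python
"""Flag X.509 certificates whose signature uses MD5 (added example, not from the post)."""

# Standard OIDs for RSA signature algorithms (RFC 3279 / RFC 4055).
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"

# Policy: signature algorithms a client should no longer treat as valid.
DEPRECATED_SIGNATURE_OIDS = {MD5_WITH_RSA: "md5WithRSAEncryption"}


def _read_tlv(buf, pos):
    """Minimal DER reader: returns (tag, value bytes, position after this element)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _tlv(tag, value):
    """DER encoder for one element (short or long form length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def _decode_oid(value):
    """Decode DER OID contents (base-128 arcs) into dotted form."""
    parts = [str(value[0] // 40), str(value[0] % 40)]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last byte of this arc
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def _encode_oid(dotted):
    """Encode a dotted OID into DER OID contents."""
    nums = [int(x) for x in dotted.split(".")]
    out = bytearray([40 * nums[0] + nums[1]])
    for n in nums[2:]:
        chunk = [n & 0x7F]
        n >>= 7
        while n:
            chunk.append(0x80 | (n & 0x7F))
            n >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def signature_algorithm_oid(cert_der):
    """Return the dotted OID from the certificate's outer signatureAlgorithm field."""
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(body, 0)       # skip tbsCertificate
    tag, alg, _ = _read_tlv(body, pos)      # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    if tag != 0x30:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid, _ = _read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def is_md5_signed(cert_der):
    return signature_algorithm_oid(cert_der) in DEPRECATED_SIGNATURE_OIDS


def audit_chain(chain_der):
    """Indices of certificates in the chain that a client should refuse under the MD5 deny list."""
    return [i for i, cert in enumerate(chain_der) if is_md5_signed(cert)]


def make_stub_cert(sig_oid):
    """Constructed stand-in with the outer shape of a certificate; NOT a real certificate."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x02"))                       # placeholder tbsCertificate
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + b"\x05\x00")  # OID + NULL params
    sig = _tlv(0x03, b"\x00" + b"\xff" * 16)                    # placeholder BIT STRING
    return _tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    chain = [make_stub_cert(SHA256_WITH_RSA), make_stub_cert(MD5_WITH_RSA)]
    print("MD5-signed certs at positions:", audit_chain(chain))
```

Against a real chain you would feed the DER bytes of each certificate instead of the stubs; the same field is what `openssl x509 -noout -text` prints as "Signature Algorithm". Note that the check reads the outer signatureAlgorithm of each certificate, which is the algorithm the issuer actually used, so a chain is only as good as its weakest issuer signature.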