undefined | Better HN

0 pointsfreeone30001y ago0 comments

The cert can still be broken. The signatures are difficult, but not impossible, to break: it can and has been done with much older certificates, which means it will likely be doable to current certificates in a few years. In addition, certificate rotation allows for mandatory algorithm updates and certificate transparency logs. CT itself has exposed a few actors breaking the CA/B rules by backdating certificates with weaker encryption standards.

Certificate expiration, and cryptographic key rotation in general, works and is useful.

0 comments

bawolff1y ago

> which means it will likely be doable to current certificates in a few years

It is extremely unlikely a modern certificate will be broken in the time horizon of a few years through a cryptography break.

All systems eventually fail, but i expect it will be several decades at the earliest before a modern certificate breaks from a crypto attack.

Keep in mind that md5 started to be warned against in 1996. It wasn't until 2012 that a malicious attack used md5's weakness. That is 16 years from warning to attack. At this stage we dont even know about any weaknesses about currently used crypto (except quantum stuff)

Rotating certificates is more about guarding against incorrectly issued and compromised certificates.

j16sdiz1y ago

Many modern crypto can be broken by nonce reuse.

Rotating certificates guard against bad PRNG and birthday paradox

bawolff1y ago

I disagree. I don't think rotating certificates would help against birthday attacks or bad prng.

Tbh, i have no idea which part you are attacking with the birthday attack in this specific context. It doesn't seem particularly relavent.

(At the risk of saying something stupid) - i was under the impression RSA did not use nonces, so i don't see how that is relavent for an rsa cert.

For an ecdsa cert, nonce reuse is pretty catastrophic. I fail to see how short lived certs help since the old certs don't magically disappear, they still exist and can be used in attacks even after being rotated.

2 more replies

marshray1y ago

Crypto breaks are a concern for sure, but typically the more short-term concern is server compromise. Cert revocation is not reliably checked by all clients, and sites may not even know to revoke it.

So it's essential that if/when a bad guy pops a single server that they don't get a secret that allows them to conduct further attacks against the site for some indefinite period into the future.

Jerrrrrrry1y ago

apple cider to apples

https://leahneukirchen.org/blog/archive/2019/10/ken-thompson...

[previous hn discussion]: https://news.ycombinator.com/item?id=21202905

j / k navigate · click thread line to collapse

0 comments

bawolff1y ago

> which means it will likely be doable to current certificates in a few years

It is extremely unlikely a modern certificate will be broken in the time horizon of a few years through a cryptography break.

All systems eventually fail, but i expect it will be several decades at the earliest before a modern certificate breaks from a crypto attack.

Rotating certificates is more about guarding against incorrectly issued and compromised certificates.

j16sdiz1y ago

Many modern crypto can be broken by nonce reuse.

Rotating certificates guard against bad PRNG and birthday paradox

bawolff1y ago

I disagree. I don't think rotating certificates would help against birthday attacks or bad prng.

Tbh, i have no idea which part you are attacking with the birthday attack in this specific context. It doesn't seem particularly relavent.

(At the risk of saying something stupid) - i was under the impression RSA did not use nonces, so i don't see how that is relavent for an rsa cert.

2 more replies

marshray1y ago

Crypto breaks are a concern for sure, but typically the more short-term concern is server compromise. Cert revocation is not reliably checked by all clients, and sites may not even know to revoke it.

So it's essential that if/when a bad guy pops a single server that they don't get a secret that allows them to conduct further attacks against the site for some indefinite period into the future.

Jerrrrrrry1y ago

apple cider to apples

https://leahneukirchen.org/blog/archive/2019/10/ken-thompson...

[previous hn discussion]: https://news.ycombinator.com/item?id=21202905

j / k navigate · click thread line to collapse