SAML-Toolkits / python3-saml

MIT License

Fix misleading comment with fingerprint hash weaker than a certificat… #267

Closed schwabe closed 3 years ago

schwabe commented 3 years ago

…e verification

The reasoning that a fingerprint hash is weaker than providing a certificate like a CA is wrong.

An X509 signature of a certificate always uses a hash like SHA1, SHA256, etc., which is then signed. E.g.

openssl1.1 x509 -text -in sp-test.pem

Signature Algorithm: ecdsa-with-SHA256

So these are as vulnerable to collision attacks as fingerprints.

Depending on the implementation of the fingerprint, there are other reasons for not using them. E.g. some implementations ignore other problems with a certificate like validity or missing EKUs.

pitbulk commented 3 years ago

If you register a fingerprint on the IdP for Signature validation, an attacker can find a certificate for which the sha-x algorithm returns the same value. The attacker can then sign any XML and the Signature validation will pass.

If you register a certificate instead, such certificate is going to be used for the Signature validation and not others.

schwabe commented 3 years ago

If you can find a certificate for which the same hash is returned then that hash is no longer secure. Neither for checking whether the certificate is the correct one nor whether the actual signature on the response of the IDP is correct.

If finding such a hash collision is possible it is just as easy to create another assertion for which the sha-x algorithm returns the same value as a valid answer. And x509 signing relies on signing the hash only.

I don't contest that using an X509 cert instead of a fingerprint is better for production. E.g. a fingerprint breaks if a certificate is renewed while keeping the keypair identical, while a cert will continue to work. I am just pointing out that the assumption made in the reasoning is dubious.
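The two positions above (pitbulk's colliding-certificate scenario and schwabe's point that the XML signature itself only covers a hash of the SignedInfo), as an added Python illustration that is not part of this PR or of python3-saml. It uses SHA-256 truncated to 16 bits as a stand-in for a hash whose collision resistance is broken, HMAC over that hash as a stand-in for the RSA/ECDSA signature, and constructed byte strings for the assertion and the IdP certificate; SIGNED_INFO, IDP_CERT, sp_validate, attack and the other names are hypothetical. The SP pins either the full certificate or only its fingerprint, and the attacker never touches the certificate at all: a second assertion with the same digest reuses the IdP's genuine signature and passes both checks.

```python
import hashlib
import hmac

# Constructed stand-ins (not real SAML/X.509 data): the bytes the IdP signs,
# the IdP certificate as the SP would register it, and the IdP's private key.
SIGNED_INFO = b'<Assertion ID="_a1"><Subject>alice</Subject><Audience>sp</Audience></Assertion>'
IDP_CERT = b"constructed stand-in for the IdP certificate (DER bytes)"
IDP_SIGNING_KEY = b"constructed stand-in for the IdP private key"


def make_hash(width_bits: int):
    """Return SHA-256 truncated to width_bits of output.

    256 is the real thing; 16 stands in for a hash whose collision resistance
    has been broken, so that a second preimage is findable inside this script.
    """
    nbytes = width_bits // 8

    def h(data: bytes) -> bytes:
        return hashlib.sha256(data).digest()[:nbytes]

    return h


def sign(h, data: bytes) -> bytes:
    """Toy IdP signature: like RSA/ECDSA in XML-DSig it signs only h(data).

    HMAC with the IdP key is a symmetric stand-in so no crypto library is needed.
    """
    return hmac.new(IDP_SIGNING_KEY, h(data), "sha256").digest()


def verify_signature(h, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(h, data), sig)


def sp_validate(h, assertion: bytes, sig: bytes, presented_cert: bytes,
                registered_cert=None, registered_fingerprint=None) -> bool:
    """SP-side check, pinning either the whole certificate or only its fingerprint."""
    if registered_cert is not None and presented_cert != registered_cert:
        return False
    if registered_fingerprint is not None and h(presented_cert) != registered_fingerprint:
        return False
    return verify_signature(h, assertion, sig)


def second_preimage(h, target: bytes, template: bytes, budget: int):
    """Brute-force a different document hashing to target; None if the budget runs out."""
    for i in range(budget):
        candidate = template % i   # bytes %-formatting fills in the varying comment
        if h(candidate) == target:
            return candidate
    return None


def attack(width_bits: int, budget: int = 1 << 20) -> dict:
    """Reuse the IdP's genuine signature on a forged assertion with the same hash."""
    h = make_hash(width_bits)
    genuine_sig = sign(h, SIGNED_INFO)         # what the IdP really sent
    forged_template = (b'<Assertion ID="_a1"><Subject>mallory</Subject>'
                       b'<Audience>sp</Audience><!-- %d --></Assertion>')
    forged = second_preimage(h, h(SIGNED_INFO), forged_template, budget)
    if forged is None:
        return {"collision_found": False}
    # The IdP's own certificate is presented unchanged, so both pinning styles
    # see exactly the certificate they expect; only the assertion bytes differ.
    return {
        "collision_found": True,
        "cert_pinned_accepts_forgery": sp_validate(
            h, forged, genuine_sig, IDP_CERT, registered_cert=IDP_CERT),
        "fingerprint_pinned_accepts_forgery": sp_validate(
            h, forged, genuine_sig, IDP_CERT, registered_fingerprint=h(IDP_CERT)),
    }


if __name__ == "__main__":
    print("broken 16-bit hash:", attack(16))
    print("full SHA-256, same search:", attack(256, budget=100_000))
```

With the truncated hash the search succeeds and both pinning styles accept the forged assertion under the IdP's real signature; with full SHA-256 the same search finds nothing, and neither check fails. Which of the two the SP registered never enters into it, which is the point of the thread: the strength of the digest algorithm is what matters, and the practical arguments for registering the certificate (surviving a renewal that keeps the keypair, being able to check validity and EKUs) are separate from collision resistance.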