Group attacks flaw in browser crypto security

Group attacks flaw in browser crypto security
Robert Lemos, SecurityFocus 2008-12-30

An international group of security researchers and academic cryptographers urged browser makers and certificate authorities on Tuesday to drop support for digital signatures based on MD5 hashing, after they claimed to have successfully attacked the trust infrastructure of the Internet by creating a fake, but valid, certificate.

Colapse all | Post comment

Group attacks flaw in browser crypto security 2008-12-30
Anonymous

What is the difference between a signature algorith and a thumbprint algorithm? If I view the Verisign Class 3 Public Primary CA under the IE browser certificates - it states the signature algorithm is MD2RSA and the thumbprint algorithm is SHA1. Which one should I be concerened about if I want to e...

[ more ] [ reply ]

Group attacks flaw in browser crypto security 2009-01-01
Extremesecurity.blogspot.com

Imagine malware authors and phishers start combining rogue ca certificates and infect users's systems and redirect them to a "fake bank website with valid certificate" ... boom !

read more ...

http://extremesecurity.blogspot.com/2008/12/kaminskys-dns-bug-rogue-ca-certificates.html...

[ more ] [ reply ]