Group attacks flaw in browser crypto security

Group attacks flaw in browser crypto security
Robert Lemos, SecurityFocus 2008-12-30

An international group of security researchers and academic cryptographers urged browser makers and certificate authorities on Tuesday to drop support for digital signatures based on MD5 hashing, after they claimed to have successfully attacked the trust infrastructure of the Internet by creating a fake, but valid, certificate.

Group attacks flaw in browser crypto security 2008-12-30
Anonymous

What is the difference between a signature algorith and a thumbprint algorithm? If I view the Verisign Class 3 Public Primary CA under the IE browser certificates - it states the signature algorithm is MD2RSA and the thumbprint algorithm is SHA1. Which one should I be concerened about if I want to e...

[ more ]