, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Expand all |
Post comment
MD5 Hack Interesting, But Not Threatening
2009-01-06
Charlie Miller (1 replies)
Charlie Miller (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-06
Robert Lemos (5 replies)
Robert Lemos (5 replies)
Verisign were notified about this work prior to the presentation
2009-01-06
Alexander Sotirov (1 replies)
Alexander Sotirov (1 replies)
MD5 Hack Interesting, But Not Threatening
2009-01-08
Charles Hunter (1 replies)
Charles Hunter (1 replies)
Re: MD5 Hack Interesting, But Not Threatening
2009-01-09
Robert Lemos (2 replies)
Robert Lemos (2 replies)
I'm specifically talking about the ``it took the researchers a month and cost them some money, so we're confident nobody else has had time to do this'' comment: That these guys were the first to publish such an attack, doesn't mean nobody has succeeded with a similar attack before. And buying hardware for some substantial computing power certainly doesn't exceed the budget of, just to pick a popular example, an intelligence agency.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/488/35304#35304