, 2009-01-05
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
Margot
Since mid-1990s MD5 is considered weak, in 2004 it was proven again by example and again in 2007 and 2008. Now Calan claims it takes much time to change from MD5. Sure, but not 15 years, not 10 years, nor 5 years....
[ more ]