Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
MD5 Hack Interesting, But Not Threatening
Tim Callan, 2009-01-05

A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.

Submit Comment Mode:
Name:
Subject:
Message:
 
  Enter the characters that appear above
 
Re: MD5 Hack Interesting, But Not Threatening 2009-01-07
Anonymous
"For instance, SHA-1 is already considered weak! Why then not mentioning this and why then still switching to SHA-1 ?"

Because SHA-256 is not well supported in some environments. Migration to SHA-256 will happen because it must, but folks are just now waking up to it.

Most also have their he...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus