[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Subject: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: swmike at swm.pp.se (Mikael Abrahamsson)
Date: Fri, 2 Jan 2009 17:38:14 +0100 (CET)
In-reply-to: <[email protected]>
References: <[email protected]>

On Fri, 2 Jan 2009, Joe Greco wrote:

> Anyways, I was under the impression that the whole purpose of the
> revocation capabilities of SSL was to deal with problems like this, and

How to revoke the CA is actually in the file. The fake CA they created 
didn't have any revokation.

MD5 is broken, don't use it for anything important.

The reason for their exercise is just as you said, they executed in 
practice what had been said to be possible since around 2004-2006. This is 
obviously needed for people to start paying attention.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

Follow-Ups:
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: hank at efes.iucc.ac.il (Hank Nussbacher)

References:
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: jgreco at ns.sol.net (Joe Greco)

Prev by Date: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Next by Date: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Previous by thread: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Next by thread: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Index(es):
- Date
- Thread