[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security team successfully cracks SSL using 200 PS3's and MD5

Subject: Security team successfully cracks SSL using 200 PS3's and MD5
From: fw at deneb.enyo.de (Florian Weimer)
Date: Fri, 02 Jan 2009 23:37:56 +0100
In-reply-to: <[email protected]> (Joe Greco's message of "Fri, 2 Jan 2009 11:33:48 -0600 (CST)")
References: <[email protected]>

* Joe Greco:

> It seems that part of the proposed solution is to get people to move from
> MD5-signed to SHA1-signed.  There will be a certain amount of resistance.
> What I was suggesting was the use of the revocation mechanism as part of
> the "stick" (think carrot-and-stick) in a campaign to replace MD5-based
> certs.  If there is a credible threat to MD5-signed certs, then forcing
> their retirement would seem to be a reasonable reaction, but everyone here
> knows how successful "voluntary" conversion strategies typically are.

A CA statement that they won't issue MD5-signed certificates in the
future should be sufficient.  There's no need to reissue old
certificates, unless the CA thinks other customers have attacked it.

> Either we take the potential for transparent MitM attacks seriously, or 
> we do not.  I'm sure the NSA would prefer "not."  :-)

I doubt the NSA is interested in MITM attacks which can be spotted by
comparing key material. 8-)

Follow-Ups:
- Security team successfully cracks SSL using 200 PS3's and MD5
  - From: jgreco at ns.sol.net (Joe Greco)

References:
- Security team successfully cracks SSL using 200 PS3's and MD5
  - From: jgreco at ns.sol.net (Joe Greco)

Prev by Date: Security team successfully cracks SSL using 200 PS3's and MD5
Next by Date: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Previous by thread: Security team successfully cracks SSL using 200 PS3's and MD5
Next by thread: Security team successfully cracks SSL using 200 PS3's and MD5
Index(es):
- Date
- Thread