[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Subject: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 03 Jan 2009 21:01:37 +0100
In-reply-to: <[email protected]> (Hank Nussbacher's message of "Sat, 3 Jan 2009 18:53:25 +0200 (IST)")
References: <[email protected]> <[email protected]> <[email protected]>

* Hank Nussbacher:

> On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:
>
>> MD5 is broken, don't use it for anything important.
>
> You mean like for BGP neighbors?

Good point.  However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).

> Wanna suggest an alternative? :-)

Just switch on IPsec. 8-)

References:
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: jgreco at ns.sol.net (Joe Greco)
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: swmike at swm.pp.se (Mikael Abrahamsson)
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
  - From: hank at efes.iucc.ac.il (Hank Nussbacher)

Prev by Date: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Next by Date: Security team successfully cracks SSL using 200 PS3's and MD5
Previous by thread: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Next by thread: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Index(es):
- Date
- Thread