Comments on: The cat is out of the bag … http://events.ccc.de/2008/12/30/the-cat-is-out-of-the-bag/ About the Congress and other CCC events Wed, 08 Feb 2012 10:34:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Broken Trust « ThreatFire Research Blog http://events.ccc.de/2008/12/30/the-cat-is-out-of-the-bag/comment-page-1/#comment-14819 Broken Trust « ThreatFire Research Blog Tue, 27 Oct 2009 21:23:30 +0000 http://events.ccc.de/?p=833#comment-14819 [...] Yesterday’s presentation at the Chaos Communication Congress by a handful of researchers brought to light that the use of MD5 for secure computing (digital certificates, SSL, etc) truly is gasping its last breath. A fine summary of the MD5 algorithm and its use by the Certificate Authorities is written up by Scott Merrill here.Unfortunately, Mr. Merrill makes the same lame excuse for the CA’s that most of the software world has made for decades regarding change: “MD5 has been known for some time to be weak against collision attacks, but running a CA is a pretty complex operation, so the entities behind them are slow to change.” Pretty complex? When something is broken, profitable security enterprises have the resources to change it (the researchers themselves state that the “affected CAs are switching to SHA-1″). That excuse simply is not valid. [...] [...] Yesterday’s presentation at the Chaos Communication Congress by a handful of researchers brought to light that the use of MD5 for secure computing (digital certificates, SSL, etc) truly is gasping its last breath. A fine summary of the MD5 algorithm and its use by the Certificate Authorities is written up by Scott Merrill here.Unfortunately, Mr. Merrill makes the same lame excuse for the CA’s that most of the software world has made for decades regarding change: “MD5 has been known for some time to be weak against collision attacks, but running a CA is a pretty complex operation, so the entities behind them are slow to change.” Pretty complex? When something is broken, profitable security enterprises have the resources to change it (the researchers themselves state that the “affected CAs are switching to SHA-1″). That excuse simply is not valid. [...]

]]> By: akronymitis http://events.ccc.de/2008/12/30/the-cat-is-out-of-the-bag/comment-page-1/#comment-12960 akronymitis Wed, 07 Jan 2009 21:26:20 +0000 http://events.ccc.de/?p=833#comment-12960 The "SSL Blacklist" plugin for Firefox will warn you about certificates that are affected by the MD5 vulnerability. (It original function is to report weak Debian OpenSSL certificates.) Ironically, it also generates a MD5-related warning with events.ccc.de. :) The “SSL Blacklist” plugin for Firefox will warn you about certificates that are affected by the MD5 vulnerability. (It original function is to report weak Debian OpenSSL certificates.) Ironically, it also generates a MD5-related warning with events.ccc.de. :)

]]> By: socialwebcms.com http://events.ccc.de/2008/12/30/the-cat-is-out-of-the-bag/comment-page-1/#comment-12836 socialwebcms.com Tue, 30 Dec 2008 15:12:04 +0000 http://events.ccc.de/?p=833#comment-12836 <strong>CCC Events Weblog » Blog Archive » The cat is out of the bag …...</strong> MD5 will be proven obsolete later today. SSL and any other false sense of security that existed in the world is about to be a joke.... CCC Events Weblog » Blog Archive » The cat is out of the bag ……

MD5 will be proven obsolete later today. SSL and any other false sense of security that existed in the world is about to be a joke….

]]>