RE: Security team successfully cracks SSL using 200 PS3's and MD5flaw.

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

RE: Security team successfully cracks SSL using 200 PS3's and MD5flaw.

From: Deepak Jain
Date: Fri Jan 02 16:16:37 2009

Accept-language: en-US
Acceptlanguage: en-US
List-archive: <http://mailman.nanog.org/pipermail/nanog>
List-help: <mailto:nanog-request@nanog.org?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:nanog@nanog.org>
List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=subscribe>
List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=unsubscribe>

> ssl itself wasn't cracked they simply exploited the known vulnerable
> md5
> hashing.  Another hashing method needs to be used.

The encryption algorithm wasn't hacked. Correct. Another hashing method 
may help. Yup. 

My problem is with the chain-of-trust and a lack of reasonable or reasonably reliable (pick) 
ways of revoking certificates. 

Deepak

References:
- Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Rodrick Brown
- Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw. William Warren

Prev by Date: RE: Security team successfully cracks SSL using 200 PS3's and MD5flaw.
Next by Date: RE: Security team successfully cracks SSL using 200 PS3's and MD5flaw.
Date Index
Thread Index
Author Index
Historical