nanog mailing list archives
RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: Skywing <Skywing () valhallalegends com>
Date: Fri, 2 Jan 2009 16:51:53 -0600
Of course, md5 *used* to be good crypto. – S -----Original Message----- From: Steven M. Bellovin <smb () cs columbia edu> Sent: Friday, January 02, 2009 14:46 To: Deepak Jain <deepak () ai net> Cc: NANOG <nanog () nanog org> Subject: Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. On Fri, 2 Jan 2009 16:13:45 -0500 Deepak Jain <deepak () ai net> wrote:
If done properly, that's actually an easier task: you build the update key into the browser. When it pulls in an update, it verifies that it was signed with the proper key.If you build it into the browser, how do you revoke it when someone throws 2000 PS3s to crack it, or your hash, or your [pick algorithmic mistake here].
If you use bad crypto, you lose no matter what. If you use good crypto, 2,000,000,000 PS3s won't do the job. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Current thread:
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
- <Possible follow-ups>
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Frank Bulk (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Marshall Eubanks (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Valdis . Kletnieks (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)