nanog mailing list archives

RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

From: Deepak Jain <deepak () ai net>
Date: Fri, 2 Jan 2009 18:26:33 -0500

If you use bad crypto, you lose no matter what.  If you use good
crypto, 2,000,000,000 PS3s won't do the job.


Even if you use good crypto, and someone steals your key (say, a previously in-access person) you need a way to 
reliably, completely, revoke it. This has been a problem with SSL since its
[implementation] inception. Lots of math (crypto) is good on paper and fails at the implementation stage.

Deepak

Current thread:

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw., (continued)
- - - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
  - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Valdis . Kletnieks (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Terje Bless (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Jasper Bryant-Greene (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Jason Uhlenkott (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Randy Bush (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Randy Bush (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Valdis . Kletnieks (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 05)

(Thread continues...)