nanog mailing list archives
Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 03 Jan 2009 21:01:37 +0100
* Hank Nussbacher:
On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:MD5 is broken, don't use it for anything important.You mean like for BGP neighbors?
Good point. However, as a defense against potential blind injection attacks, even an unhashed password in a TCP option would do the trick (at least in the non-IXP case, IXPs may pose different challenges).
Wanna suggest an alternative? :-)
Just switch on IPsec. 8-)
Current thread:
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw., (continued)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Martin List-Petersen (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Mikael Abrahamsson (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Hank Nussbacher (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Rubens Kuhl Jr. (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Marshall Eubanks (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Kevin Oberman (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Nick Hilliard (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Terje Bless (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Jasper Bryant-Greene (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)