nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 03 Jan 2009 21:01:37 +0100

* Hank Nussbacher:

On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:

MD5 is broken, don't use it for anything important.


You mean like for BGP neighbors?


Good point.  However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).

Wanna suggest an alternative? :-)


Just switch on IPsec. 8-)

Current thread:

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw., (continued)
- - - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Martin List-Petersen (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Mikael Abrahamsson (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Hank Nussbacher (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Rubens Kuhl Jr. (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Marshall Eubanks (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Kevin Oberman (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Nick Hilliard (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
  - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Valdis . Kletnieks (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Terje Bless (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Jasper Bryant-Greene (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)

(Thread continues...)