Nmap Development mailing list archives
Re: On the topic of SSL and MD5 (was Re: [NSE])
From: MadHat Unspecific <madhat () unspecific com>
Date: Mon, 12 Jan 2009 14:40:41 -0600
Brandon Enright wrote:
On Mon, 12 Jan 2009 10:46:39 -0800 bensonk () acm wwu edu wrote:
...snip...
There's also a link to another blog post which describes exactly how[4] MD5 sigs can be made safe.
<snip>
The best solution is to remove all CA certs that sign with MD5 from your browser trust. It is naive to think in a MitM scenario your Nmap scanner is going to scan and detect a cert signed using MD5 *before* the attack starts.
Not what anyone was thinking, as far as I know.

Once again, the idea of the scan to detect an MD5 signature was not to prevent anything bad from happening, but to manage expectation of management. The issue has been in the news and they don't understand the full technical details. If it makes management feel better to know we do not use any SSL certs signed using md5, then verify for me that we don't use any certs signed with md5. I don't care if it actually helps or not, it makes management happy and guess who signs *MY* check?

Also, this is not MY place of business that is having the issue. This is an issue being experienced by friends in the industry. I was merely looking for a way to help them verify if they had any certs that fell into the "concerning" category.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

--
MadHat (at) Unspecific.com
"The true man wants two things: danger and play. For that reason he wants woman, as the most dangerous plaything." - Friedrich Nietzsche
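The inventory check the message above asks for (does a certificate carry an MD5-based issuer signature?), as an added example that is not part of the original post or of Nmap. It reads the outer `signatureAlgorithm` OID straight from the DER encoding; the function names and `SAMPLE_MD5_DER` are hypothetical, and the sample bytes are a constructed skeleton rather than a real certificate.

```python
import base64

MD5_WITH_RSA = "1.2.840.113549.1.1.4"  # md5WithRSAEncryption (PKCS #1)
# Constructed skeleton, NOT a real certificate: SEQUENCE { dummy tbsCertificate,
# AlgorithmIdentifier { md5WithRSAEncryption, NULL }, dummy signature bits }.
SAMPLE_MD5_DER = bytes.fromhex(
    "3019" "3003020101" "300d06092a864886f70d0101040500" "030300aaaa")

def read_tlv(buf, pos):
    """Return (tag, body_start, body_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER body")
    return tag, pos, pos + length

def decode_oid(body):
    """Turn DER OID content bytes into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def signature_oid(cert):
    """OID of Certificate.signatureAlgorithm; accepts PEM or DER bytes."""
    if b"-----BEGIN CERTIFICATE-----" in cert:
        b64 = cert.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        cert = base64.b64decode(b"".join(b64.split()))
    tag, pos, _ = read_tlv(cert, 0)            # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(cert, pos)        # step over tbsCertificate
    _, alg_pos, _ = read_tlv(cert, tbs_end)    # signatureAlgorithm ::= SEQUENCE
    tag, oid_pos, oid_end = read_tlv(cert, alg_pos)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(cert[oid_pos:oid_end])

def signed_with_md5(cert):
    return signature_oid(cert) == MD5_WITH_RSA
```

Run `signed_with_md5()` over every certificate in the chain a server presents, not only the leaf, since the signature on each certificate is chosen by whoever issued it.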