Full Disclosure mailing list archives
Re: Creating a rogue CA certificate
From: "Elazar Broad" <elazar () hushmail com>
Date: Tue, 30 Dec 2008 16:13:07 -0500
And they should have listened then, it was only a matter of time before someone fleshed out a practical attack, and that time is now. Then again, I am sure there are some ATMs out there still using DES. How many times do we need to prove Moore's law...

On Tue, 30 Dec 2008 15:26:46 -0500 Nelson Murilo <nelson () pangeia com br> wrote:

> Implementation could be new, but this vulnerability has been known since 2004, the year that MD5 was broken.
>
> http://www.cryptography.com/cnews/hash.html
>
> ./nelson -murilo
>
> On Tue, Dec 30, 2008 at 08:10:16PM +0000, n3td3v wrote:
>
>> Aiding script kids to get credit card numbers out of folks' e-commerce purchases.
>>
>> I'm sure the U.S. Secret Service have a special interest in this vulnerability, as so much of their time nowadays is taken up following up on internet carders and shutting them down.
>>
>> On Tue, Dec 30, 2008 at 5:03 PM, Elazar Broad <elazar () hushmail com> wrote:
>>
>>> SSL/PKI is only as strong as the weakest CA... For those of you who haven't been following this, here you go:
>>>
>>> http://www.win.tue.nl/hashclash/rogue-ca/
>>> http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/