nanog mailing list archives
Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Valdis.Kletnieks () vt edu
Date: Sun, 04 Jan 2009 17:52:10 -0500
On Sun, 04 Jan 2009 15:58:34 CST, Joe Greco said:
Technically the only thing necessary to prevent this attack has already been done, and that is to stop issuing certs signed with MD5 so that no one else can create a rogue CA via this means.Are we certain that existing certs cannot be subverted?
The attack depends on being able to to jigger up *two* certs that have the same MD5 hash. Therefor, attacking an existing cert would require either: 1) That the existing cert be one of a pair (in other words, somebody else already knew about the current attack and also did it). or 2) Somebody has found a way to cause a collision to a specified MD5 hash (which is still impractical, AFAIK). If anybody has a subvertible cert, it's pretty safe to guess that they *know* they have such a cert, because they themselves *built* the cert that way.
Attachment:
_bin
Description:
Current thread:
- Re: Security team successfully cracks SSL using 200 PS3's and MD5, (continued)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Florian Weimer (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Neil (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Etaoin Shrdlu (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Brian Keefer (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Florian Weimer (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Brian Keefer (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Valdis . Kletnieks (Jan 04)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 Florian Weimer (Jan 03)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Martin List-Petersen (Jan 02)
- Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Gadi Evron (Jan 02)
- RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)