nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5


From: Mark Andrews <Mark_Andrews () isc org>
Date: Tue, 06 Jan 2009 09:43:51 +1100


In message <20090105201859.GC15107 () ferrum uhlenkott net>, Jason Uhlenkott writes:
On Fri, Jan 02, 2009 at 15:33:05 -0600, Joe Greco wrote:
This would seem to point out some critical shortcomings in the current SSL
system; these shortcomings are not necessarily technological, but rather
social/psychological.  We need the ability for Tom, Dick, or Harry to be
able to crank out a SSL cert with a minimum of fuss or cost; having to 
learn the complexities of SSL is itself a "fuss" which has significantly 
and negatively impacted Internet security.

Somehow, we managed to figure out how to do this with PGP and keysigning,
but it all fell apart (I can hear the "it doesn't scale" already) with SSL.

If we had DNSSEC, we could do away with SSL CAs entirely.  The owner
of each domain or host could publish a self-signed cert in a TXT RR,
and the DNS chain of trust would be the only form of validation needed.
 
Or one could use the CERT to publish a cert :-)

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews () isc org
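
Added example, not part of the original messages: a sketch of the check a client could make if a host's certificate were published in a CERT RR (RFC 4398) and validated through DNSSEC, as the thread proposes. The function names, the `dnssec_validated` flag (assumed to come from the caller's validating resolver) and the sample bytes are assumptions made for illustration.

```python
import base64
import hmac
import struct
from dataclasses import dataclass

CERT_TYPES = {"PKIX": 1, "SPKI": 2, "PGP": 3}  # RFC 4398 type mnemonics (subset)

@dataclass
class CertRR:
    cert_type: int
    key_tag: int
    algorithm: int
    data: bytes

def parse_presentation(rdata: str) -> CertRR:
    """Parse zone-file CERT RDATA: <type> <key tag> <algorithm> <base64 ...>."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("expected type, key tag, algorithm and certificate data")
    name = fields[0].upper()
    cert_type = CERT_TYPES[name] if name in CERT_TYPES else int(name)
    # The base64 text may be split across whitespace; numeric algorithm assumed.
    data = base64.b64decode("".join(fields[3:]), validate=True)
    return CertRR(cert_type, int(fields[1]), int(fields[2]), data)

def to_wire(rr: CertRR) -> bytes:
    """Wire RDATA: 16-bit type, 16-bit key tag, 8-bit algorithm, then the certificate."""
    return struct.pack("!HHB", rr.cert_type, rr.key_tag, rr.algorithm) + rr.data

def parse_wire(rdata: bytes) -> CertRR:
    if len(rdata) <= 5:
        raise ValueError("CERT RDATA shorter than header plus certificate")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return CertRR(cert_type, key_tag, algorithm, rdata[5:])

def cert_matches(rr: CertRR, presented_der: bytes, dnssec_validated: bool) -> bool:
    """Accept the server's certificate only if a validated CERT RR carries the same bytes."""
    if not dnssec_validated:  # unsigned DNS answers can be spoofed, so they prove nothing
        return False
    if rr.cert_type != CERT_TYPES["PKIX"]:
        return False
    return hmac.compare_digest(rr.data, presented_der)

# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-not-a-real-certificate"
SAMPLE_RDATA = "PKIX 0 0 " + base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    rr = parse_wire(to_wire(parse_presentation(SAMPLE_RDATA)))
    print(cert_matches(rr, SAMPLE_DER, dnssec_validated=True))
```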

