nanog mailing list archives
Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Joe Abley <jabley () hopcount ca>
Date: Fri, 2 Jan 2009 12:39:30 -0500
On 2 Jan 2009, at 12:33, Joe Greco wrote:
We cannot continue to justify security failure on the basis that a significant percentage of the clients don't support it, or are broken in their support. That's an argument for fixing the clients.
At a more basic level, though, isn't failure guaranteed for these kinds of clients (web browsers) so long as users are conditioned to click OK/Continue for every SSL certificate failure that is reported to them?
If I was attempting a large-scale man-in-the-middle attack, perhaps I'd be happier to do no work and intercept 5% of sessions (those who click OK on a certificate that is clearly bogus) than I would to do an enormous amount of work and intercept 100% (those who would see no warnings). And surely 5% is a massive under-estimate.
Joe