nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5

From: Gadi Evron <ge () linuxbox org>
Date: Fri, 2 Jan 2009 20:53:06 -0600 (CST)

On Fri, 2 Jan 2009, Dragos Ruiu wrote:

www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation;sid:1000001;)

You can't really use any snort rule to detect SHA-1 certs created by afake authority created using the MD5 issue.

Yes, this is a serious matter, but it hardly has any operational impact tospeak of for users and none for NSPs.


        Gadi.

Current thread:

Re: Security team successfully cracks SSL using 200 PS3's and MD5, (continued)
- - - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Jason Uhlenkott (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Matthew Kaufman (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Michael Sinatra (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Colin Alston (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Mark Andrews (Jan 05)
    - DNSSEC vs. X509 (Re: Security team successfully cracks SSL...) Paul Vixie (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Mark Andrews (Jan 05)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 Stasiniewicz, Adam (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Robert Mathews (OSIA) (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Dragos Ruiu (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Gadi Evron (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Dragos Ruiu (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Christopher Morrow (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 William Warren (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Dorn Hetzel (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Marshall Eubanks (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Steven M. Bellovin (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Christopher Morrow (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Steven M. Bellovin (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Nick Hilliard (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Florian Weimer (Jan 03)

(Thread continues...)