Home page logo
/

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Valdis.Kletnieks () vt edu
Date: Sun, 04 Jan 2009 17:52:10 -0500

On Sun, 04 Jan 2009 15:58:34 CST, Joe Greco said:

Technically the only thing necessary to prevent  
this attack has already been done, and that is to stop issuing certs  
signed with MD5 so that no one else can create a rogue CA via this  
means.
 
Are we certain that existing certs cannot be subverted?

The attack depends on being able to to jigger up *two* certs that have the
same MD5 hash.  Therefor, attacking an existing cert would require either:

1) That the existing cert be one of a pair (in other words, somebody else
already knew about the current attack and also did it).

or

2) Somebody has found a way to cause a collision to a specified MD5 hash (which
is still impractical, AFAIK).

If anybody has a subvertible cert, it's pretty safe to guess that they *know*
they have such a cert, because they themselves *built* the cert that way.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]