Home page logo
/

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Fri, 2 Jan 2009 18:07:48 -0500

On Fri, 2 Jan 2009 16:51:53 -0600
Skywing <Skywing () valhallalegends com> wrote:

Of course, md5 *used* to be good crypto.

See http://www.cs.columbia.edu/~smb/blog/2008-12/2008-12-30.html for
the links, but MD5 has been suspect for a very long time.

Dobbertin found problems with it in 1996.  The need for caution with it
was not just knowable but known, and stated publicly.  I'm sure others
did so as well; I can only easily quote my own works.  From the second
edition of my Firewalls book, in 2003:

        Additionally, \i{SHA} has replaced \i{MD5}, as the latter
        appears to be weaker than previously believed.

and

        Hints of weakness have shown up in MD5 and RIPEMD-160; cautious
        people will eschew them, though none of the attacks are of use
        against either function when used with HMAC\ ()  
        
        As of this writing, the \i{NIST} algorithm appears to be the
        best choice. For many purposes, the newer versions of SHA are
        better; these have block sizes ranging from 256 to 512 bits.

Even if that were not enough, Wang et al presented the actual
collisions in 2004.  There have been many updates and patches to more
or less everything since then...

Yes -- if you pick something that's very weak, you can get caught by
surprise.  But modern algorithms don't fall all at once.

I should add, of course, that if you use bad algorithms or bad
protocols, it doesn't matter where you store the public key.  When I
said that the update problem was easier, what I was saying is that
you're not relying on outside parties for verification of identity,
etc., it's all your own data.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]