Home page logo

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 03 Jan 2009 21:01:37 +0100

* Hank Nussbacher:

On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:

MD5 is broken, don't use it for anything important.

You mean like for BGP neighbors?

Good point.  However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).

Wanna suggest an alternative? :-)

Just switch on IPsec. 8-)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]