Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.From: Florian Weimer <fw () deneb enyo de> Date: Sat, 03 Jan 2009 21:01:37 +0100
* Hank Nussbacher:
On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:
MD5 is broken, don't use it for anything important.
You mean like for BGP neighbors?
Good point. However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).