Home page logo

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 03 Jan 2009 22:33:53 +0100

* Nick Hilliard:

I think you might be downplaying the size of the problem here.  X.509 and
TLS/SSL isn't just used for browsers, but for a wide variety of places
where there is a requirement for PKI based security.  So when you talk
about a flag day for dealing with SHA-X (where X != 1), have you considered
the logistical problems of upgrading all those embedded devices around the

They won't be affected by the flag day, because the flag day is set by
the relying party (that is, the browser), not the CA.

If you've got a real PKI deployment, by definition, you've got
procedures to deal with sudden advances in published cryptanalysis
(even if it involves posting guards at certain buildings, instead of
relying on smartcards for access control).  The problematic areas are
those where cryptography is used to comply with some checklist (or for
PR purposes), and not for its security properties.  In those
environments, algorithm changes can never justify the associated

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]