[110293] in North American Network Operators' Group


Re: Security team successfully cracks SSL using 200 PS3's and MD5

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Fri Jan 2 11:38:28 2009

Date: Fri, 2 Jan 2009 17:38:14 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <200901021558.n02Fw5bs040941@aurora.sol.net>
Errors-To: nanog-bounces@nanog.org

On Fri, 2 Jan 2009, Joe Greco wrote:

> Anyways, I was under the impression that the whole purpose of the
> revocation capabilities of SSL was to deal with problems like this, and

How to revoke the CA is actually in the file. The fake CA they created
didn't have any revocation.

MD5 is broken, don't use it for anything important.

The reason for their exercise is just as you said, they executed in 
practice what had been said to be possible since around 2004-2006. This is 
obviously needed for people to start paying attention.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

