[110306] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (William Warren)
Fri Jan 2 16:04:29 2009
Date: Fri, 02 Jan 2009 16:09:32 -0500
From: William Warren <hescominsoon@emmanuelcomputerconsulting.com>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <bb075cdf0901020604n388729e6w9c6da4e5b54f1b2b@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
Rodrick Brown wrote:
> A team of security researchers and academics has broken a core piece
> of Internet technology. They made their work public at the 25th Chaos
> Communication Congress in Berlin today. The team was able to create a
> rogue certificate authority and use it to issue valid SSL certificates
> for any site they want. The user would have no indication that their
> HTTPS connection was being monitored/modified.
>
> http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/
> http://phreedom.org/research/rogue-ca/
>
>
> --
> [ Rodrick R. Brown ]
> http://www.rodrickbrown.com http://www.linkedin.com/in/rodrickbrown
>
>
>
ssl itself wasn't cracked they simply exploited the known vulnerable md5
hashing. Another hashing method needs to be used.
