[110355] in North American Network Operators' Group
Re: Security team successfully cracks SSL using 200 PS3's and MD5
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sat Jan 3 15:03:32 2009
From: Florian Weimer <fw@deneb.enyo.de>
To: Hank Nussbacher <hank@efes.iucc.ac.il>
Date: Sat, 03 Jan 2009 21:01:37 +0100
In-Reply-To: <Pine.LNX.4.64.0901031851230.17922@efes.iucc.ac.il> (Hank
Nussbacher's message of "Sat, 3 Jan 2009 18:53:25 +0200 (IST)")
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

* Hank Nussbacher:
> On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:
>
>> MD5 is broken, don't use it for anything important.
>
> You mean like for BGP neighbors?

Good point. However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).

> Wanna suggest an alternative? :-)

Just switch on IPsec. 8-)