[Owasp-delhi] SSL Broken..
pranav.joshi at kriss.in
Fri Jan 2 03:16:39 EST 2009
It's been quite a while since security issues with MD5 algorithm started
cropping up regarding reproducible hash collisions (a.k.a Birthday
Attack), this one ups the ante by driving the final nail in it's coffin.
Since, MD5 is also used in signing certificates the browsers will have no
way of telling the difference between a genuine and a rogue website unless
other hashing algorithms like SHA-1 are also used.
Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
Email: pranav.joshi at kriss.in
More information about the Owasp-delhi