[Owasp-delhi] SSL Broken..

Pranav Joshi pranav.joshi at kriss.in
Fri Jan 2 03:16:39 EST 2009

Hello Everyone.

It's been quite a while since security issues with MD5 algorithm started
cropping up regarding reproducible hash collisions (a.k.a Birthday
Attack), this one ups the ante by driving the final nail in it's coffin.

Since, MD5 is also used in signing certificates the browsers will have no
way of telling the difference between a genuine and a rogue website unless
other hashing algorithms like SHA-1 are also used.


Warm Regards,
Pranav Joshi
Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
Email: pranav.joshi at kriss.in
Phone: +91-9958967766

More information about the Owasp-delhi mailing list