[Owasp-delhi] SSL Broken..

Pranav Joshi pranav.joshi at kriss.in
Fri Jan 2 03:16:39 EST 2009


Hello Everyone.

It's been quite a while since security issues with the MD5 algorithm started
cropping up regarding reproducible hash collisions (a.k.a. Birthday
Attack); this one ups the ante by driving the final nail in its coffin.

Since MD5 is also used in signing certificates, the browsers will have no
way of telling the difference between a genuine and a rogue website unless
other hashing algorithms like SHA-1 are also used.

http://blogs.computerworld.com/md5_ca_hack_and_the_ps3

Warm Regards,
Pranav Joshi
Consultant - Information Security [CISA/GHTQ/GWAS/Security+]
Email: pranav.joshi at kriss.in
Phone: +91-9958967766


