Hi folks,
I saw this blog & am curious if the VE would be able to catch a rogue ssl created by them.
http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/
Lance
VE currently does not check for this.
Melih
Is Comodos certificates using this MD5 hash/cryptation? ???
yes they use both: MD5 and ShA1 fingerprints…
Seems like md5 should be dropped after reading that article. :-X :-X
But I know nothing about SSL almost except that it does some handshaking encryption and stuff.
!ot!
Are comodos certificated sites attackable/open to frauds if one user manages to get hold of computer power equal of 200 PS3 and got the proper knowledge like those who preformed this?
If I understanded it correctly the attack was possible due to a flaw in MD5.
While ShA1 is yet to be breached, and should therefor be a favorite in the SSL encryption industry?
there is not much info available for hacker to exploit this vulnerability…
when certificate authorities use in future the SHA 2 encryption method and there is some kind of control of what is what and where goes where… and when using extended validation is becoming more and more used, I think we all can be more safer…
But real safe does not exist… in fact it has never existed…
we have discontinued MD5 sometime ago…
Melih