SSL MD5 security encryption

shadron · 6th January 2009, 11:21 PM

SSL, the web protocol which allows for secure communication of financial data and the like over the web, is vulnerable to an exploit of the MD5 hashing algorithm. I think this is going to spread some paranoia out in etherland.

It's a pretty technical article for IT geeks, but you might learn something about cryptography if you read it: http://blogs.techrepublic.com.com/ne...76&tag=nl.e101

It might also scare you some if you supervise an https domain with a shopping cart on it.

ddt · 7th January 2009, 06:07 AM

Originally Posted by shadron

SSL, the web protocol which allows for secure communication of financial data and the like over the web, is vulnerable to an exploit of the MD5 hashing algorithm. I think this is going to spread some paranoia out in etherland.

And from your link, here is the article of the authors of the collision: MD5 considered harmful today. They claim that they can generate a usable MD5 collision in the matter of hours. Oops...

Originally Posted by shadron

It might also scare you some if you supervise an https domain with a shopping cart on it.

Many webshops don't even care for https... And then there's the issue of phishers who register a domain name that resembles the real name of your bank/shop/etc. and happily use https the way it's intended.

vexed · 17th January 2009, 09:19 PM

Leo Laporte and Steve Gibson discuss this on 'Security Now', very interesting.

http://twit.tv/sn Episode #179 (the most current at the time of this post)

7th January 2009, 06:07 AM	#2
ddt Mafia Penguin Join Date: Dec 2007 Location: Netherlands Posts: 10,406	Originally Posted by shadron SSL, the web protocol which allows for secure communication of financial data and the like over the web, is vulnerable to an exploit of the MD5 hashing algorithm. I think this is going to spread some paranoia out in etherland. And from your link, here is the article of the authors of the collision: MD5 considered harmful today. They claim that they can generate a usable MD5 collision in the matter of hours. Oops... Originally Posted by shadron It might also scare you some if you supervise an https domain with a shopping cart on it. Many webshops don't even care for https... And then there's the issue of phishers who register a domain name that resembles the real name of your bank/shop/etc. and happily use https the way it's intended.
	__________________ Proud member of the Solipsistic Autosycophant's Group

17th January 2009, 09:19 PM	#3
vexed Critical Thinker Join Date: Jun 2007 Location: Earth Posts: 314	Leo Laporte and Steve Gibson discuss this on 'Security Now', very interesting. http://twit.tv/sn Episode #179 (the most current at the time of this post)
	__________________ "Thinking critically is a chore. It does not come naturally or easily. And if the fruits of such efforts are not carefully displayed to young minds, then they will not harvest them. Every school child must be implanted with the wonder of the atom, not the thrall of magic." - Perry DeAngelis

6th January 2009, 11:21 PM	#1
shadron Philosopher Join Date: Sep 2005 Location: Colorado Posts: 5,719	SSL MD5 security encryption SSL, the web protocol which allows for secure communication of financial data and the like over the web, is vulnerable to an exploit of the MD5 hashing algorithm. I think this is going to spread some paranoia out in etherland. It's a pretty technical article for IT geeks, but you might learn something about cryptography if you read it: http://blogs.techrepublic.com.com/ne...76&tag=nl.e101 It might also scare you some if you supervise an https domain with a shopping cart on it.