Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - MD5 Considered harmful today - Creating a rogue CA certificate InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MD5 Considered harmful today - Creating a rogue CA certificate

Published: 2008-12-30
Last Updated: 2008-12-30 21:17:25 UTC
by G. N. White (Version: 2)
0 comment(s)

Rather than paraphrase the content of the presentation made at the CCC, use the following link to read about the gory detail - as provided by the authors themselves:

http://www.win.tue.nl/hashclash/rogue-ca/

 

UPDATE:  A copy of the presentation slide deck is available here:

 http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt

 

 UPDATE:  Microsoft have issued a Security Advisory (961509) here:

http://www.microsoft.com/technet/security/advisory/961509.mspx

 

 UPDATE:  Thanks to reader Juha-Matti for these additional links pertaining to today's annoucement:

Mozilla's Security Blog response:
http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/

Microsoft Security Vulnerability Research & Defense (SVRD) Blog response:
http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
 

 

 

Keywords:
0 comment(s)
Diary Archives