Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Christopher Morrow morrowc.lists at gmail.com
Sun Jan 4 10:45:38 CST 2009


On Sun, Jan 4, 2009 at 11:40 AM, Christopher Morrow
<morrowc.lists at gmail.com> wrote:
> On Sun, Jan 4, 2009 at 9:37 AM, Marshall Eubanks <tme at multicasttech.com> wrote:
>> There is a discussion of this going on in CFRG.
>>
>> https://www.irtf.org/mailman/listinfo/cfrg
>>
>
> sadly, and apropos I suppose, www.irtf.org is serving up a *.ietf.org
> ssl cert :( and the archives require membership to view them.

oops I should have included the cert ...

subject=/O=*.ietf.org/CN=*.ietf.org/OU=Domain Control Validated
issuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies,
Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield
Secure Certification Authority/serialNumber=10688435

with the chain:
Certificate chain
 0 s:/O=*.ietf.org/CN=*.ietf.org/OU=Domain Control Validated
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies,
Inc./OU=http://certificates.starfieldtech.com/repository/
CN=Starfield Secure Certification Authority/serialNumber=10688435
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies,
Inc./OU=http://certificates.starfieldtech.com/repository/
CN=Starfield Secure Certification Authority/serialNumber=10688435
   i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2
Certification Authority
 2 s:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2
Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class
2 Policy Validation Authority/CN=http://www.val
icert.com//emailAddress=info at valicert.com
 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class
2 Policy Validation Authority/CN=http://www.val
icert.com//emailAddress=info at valicert.com
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class
2 Policy Validation Authority/CN=http://www.val
icert.com//emailAddress=info at valicert.com

-chris




More information about the NANOG mailing list