Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Deepak Jain deepak at ai.net
Fri Jan 2 15:13:45 CST 2009


> If done properly, that's actually an easier task: you build the update
> key into the browser.  When it pulls in an update, it verifies that it
> was signed with the proper key.
> 

If you build it into the browser, how do you revoke it when someone throws 2000 PS3s to crack it, or your hash, or your [pick algorithmic mistake here].

Deepak




More information about the NANOG mailing list