Security team successfully cracks SSL using 200 PS3's and MD5

Florian Weimer fw at deneb.enyo.de
Fri Jan 2 22:37:56 UTC 2009


* Joe Greco:

> It seems that part of the proposed solution is to get people to move from
> MD5-signed to SHA1-signed.  There will be a certain amount of resistance.
> What I was suggesting was the use of the revocation mechanism as part of
> the "stick" (think carrot-and-stick) in a campaign to replace MD5-based
> certs.  If there is a credible threat to MD5-signed certs, then forcing
> their retirement would seem to be a reasonable reaction, but everyone here
> knows how successful "voluntary" conversion strategies typically are.

A CA statement that they won't issue MD5-signed certificates in the
future should be sufficient.  There's no need to reissue old
certificates, unless the CA thinks other customers have attacked it.

> Either we take the potential for transparent MitM attacks seriously, or 
> we do not.  I'm sure the NSA would prefer "not."  :-)

I doubt the NSA is interested in MITM attacks which can be spotted by
comparing key material. 8-)



