Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

• Previous message (by thread): Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
• Next message (by thread): Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Of course, md5 *used* to be good crypto.

– S

-----Original Message-----
From: Steven M. Bellovin <smb at cs.columbia.edu>
Sent: Friday, January 02, 2009 14:46
To: Deepak Jain <deepak at ai.net>
Cc: NANOG <nanog at nanog.org>
Subject: Re: Security team successfully cracks SSL using 200 PS3's and MD5      flaw.


On Fri, 2 Jan 2009 16:13:45 -0500
Deepak Jain <deepak at ai.net> wrote:

> > If done properly, that's actually an easier task: you build the
> > update key into the browser.  When it pulls in an update, it
> > verifies that it was signed with the proper key.
> >
>
> If you build it into the browser, how do you revoke it when someone
> throws 2000 PS3s to crack it, or your hash, or your [pick algorithmic
> mistake here].
>
If you use bad crypto, you lose no matter what.  If you use good
crypto, 2,000,000,000 PS3s won't do the job.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

• Previous message (by thread): Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
• Next message (by thread): Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]