Security team successfully cracks SSL using 200 PS3's and MD5
Marshall Eubanks
tme at multicasttech.com
Sat Jan 3 15:36:08 UTC 2009
On Jan 3, 2009, at 9:38 AM, Dorn Hetzel wrote:
> Would using the combination of both MD5 and SHA-1 raise the computational
> bar enough for now,
I have never seen this recommended (and I do try and follow this).
> or are there other good prospects for a harder to crack hash?
The Federal Information Processing Standard 180-2, Secure Hash
Standard, specifies algorithms for computing five cryptographic hash
functions — SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
SHA-256 is thought to be still safe, unlike SHA-1
http://eprint.iacr.org/2008/271
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
and its use is recommended by RFC4509.
http://tools.ietf.org/html/rfc4509
So, I would use SHA-256 if possible. (SHA-224 is a truncation of -256
- see rfc3874.)
There is, BTW, a competition to find a replacement.
http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
Regards
Marshall
>
>
> On Sat, Jan 3, 2009 at 9:35 AM, William Warren <
> hescominsoon at emmanuelcomputerconsulting.com> wrote:
>
>> Dragos Ruiu wrote:
>>
>>>
>>> On 2-Jan-09, at 9:56 AM, Robert Mathews (OSIA) wrote:
>>>
>>> Joe Greco wrote:
>>>>
>>>>> [ .... ]
>>>>>
>>>>> Either we take the potential for transparent MitM attacks seriously, or
>>>>> we do not. I'm sure the NSA would prefer "not." :-)
>>>>>
>>>>> As for the points raised in your message, yes, there are additional
>>>>> problems with clients that have not taken this seriously. It is, however,
>>>>> one thing to have locks on your door that you do not lock, and another
>>>>> thing entirely not to have locks (and therefore completely lack the
>>>>> ability to lock). I hope that there is some serious thought going on in
>>>>> the browser groups about this sort of issue.
>>>>>
>>>>> [ ... ]
>>>>>
>>>>> ... JG
>>>>>
>>>>
>>>> F Y I, see:
>>>>
>>>> SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
>>>> certificates @
>>>> http://www.codefromthe70s.org/sslblacklist.aspx
>>>>
>>>> Best.
>>>>
>>>
>>> Snort rule to detect said...
>>>
>>> url: http://vrt-sourcefire.blogspot.com/2009/01/md5-actually-harmful.html
>>>
>>> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"POLICY Weak SSL OSCP response -- MD5 usage"; content:"content-type: application/ocsp-response"; content:"|2A 86 48 86 F7 0D 01 01 04|"; metadata:policy security-ips drop, service http; reference:url,www.win.tue.nl/hashclash/rogue-ca/; classtype:policy-violation; sid:1000001;)
>>>
>>> cheers,
>>> --dr
>>>
>>> --
>>> World Security Pros. Cutting Edge Training, Tools, and Techniques
>>> Vancouver, Canada March 16-20 2009 http://cansecwest.com
>>> London, U.K. May 27/28 2009 http://eusecwest.com
>>> pgpkey http://dragos.com/ kyxpgp
>>>
>>>
>>>
>> Everyone seems to be stampeding to SHA-1..yet it was broken in 2005. So
>> we trade MD5 for SHA-1? This makes no sense.
>>
>>
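
The Snort rule quoted in this thread matches on the DER bytes of an RSA signature-algorithm OID. As an added example (not part of any poster's message), this Python code decodes such bytes and flags the MD5- and SHA-1-based algorithms the thread discusses; the OID table, function names and sample bytes are assumptions constructed for illustration.

```python
# Added example (not from the thread): decode DER-encoded PKCS#1
# signature-algorithm OIDs and flag the ones built on MD5 or SHA-1.
PKCS1_PREFIX = bytes.fromhex("2A864886F70D0101")   # arcs 1.2.840.113549.1.1
SIG_ALGS = {  # dotted OID -> (name, flagged because the thread treats it as broken)
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
}

def decode_oid(body: bytes) -> str:
    """Turn OID content octets (base-128, high bit = 'more') into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:          # last octet of this sub-identifier
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)     # first sub-identifier packs two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def find_signature_algs(der: bytes):
    """Return [(offset, dotted_oid, name, weak)] for each PKCS#1 OID TLV."""
    needle = b"\x06\x09" + PKCS1_PREFIX   # tag OID, length 9, pkcs-1 arcs
    hits, pos = [], der.find(needle)
    while pos != -1:
        body = der[pos + 2 : pos + 11]
        # Skip a match cut off by the end of the buffer or with a dangling arc.
        if len(body) == 9 and body[-1] < 0x80:
            oid = decode_oid(body)
            name, weak = SIG_ALGS.get(oid, ("unrecognised", False))
            hits.append((pos, oid, name, weak))
        pos = der.find(needle, pos + 1)
    return hits

def algorithm_identifier(last_arc: int) -> bytes:
    """Constructed sample: SEQUENCE { OID pkcs-1.<last_arc>, NULL }."""
    return b"\x30\x0d\x06\x09" + PKCS1_PREFIX + bytes([last_arc]) + b"\x05\x00"

# Constructed input: three AlgorithmIdentifiers back to back (MD5, SHA-1, SHA-256).
SAMPLE = b"".join(algorithm_identifier(n) for n in (4, 5, 11))

if __name__ == "__main__":
    for offset, oid, name, weak in find_signature_algs(SAMPLE):
        print(f"{offset:3d}  {oid:24s} {name:26s} {'WEAK' if weak else 'ok'}")
```

The final content byte selects the hash: 04 is md5WithRSAEncryption, 05 is sha1WithRSAEncryption and 0B is sha256WithRSAEncryption.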