Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Florian Weimer
fw at deneb.enyo.de
Sat Jan 3 20:01:37 UTC 2009
* Hank Nussbacher:
> On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:
>
>> MD5 is broken, don't use it for anything important.
>
> You mean like for BGP neighbors?
Good point. However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).
> Wanna suggest an alternative? :-)
Just switch on IPsec. 8-)
More information about the NANOG
mailing list