Security team successfully cracks SSL using 200 PS3's and MD5

Florian Weimer fw at deneb.enyo.de
Sat Jan 3 21:33:53 UTC 2009


* Nick Hilliard:

> I think you might be downplaying the size of the problem here.  X.509 and
> TLS/SSL aren't just used for browsers, but for a wide variety of places
> where there is a requirement for PKI based security.  So when you talk
> about a flag day for dealing with SHA-X (where X != 1), have you considered
> the logistical problems of upgrading all those embedded devices around the
> world?

They won't be affected by the flag day, because the flag day is set by
the relying party (that is, the browser), not the CA.

If you've got a real PKI deployment, by definition, you've got
procedures to deal with sudden advances in published cryptanalysis
(even if it involves posting guards at certain buildings, instead of
relying on smartcards for access control).  The problematic areas are
those where cryptography is used to comply with some checklist (or for
PR purposes), and not for its security properties.  In those
environments, algorithm changes can never justify the associated
costs.




More information about the NANOG mailing list