MD5 is not good for CA
Bruce Schneier, in his book Secrets and Lies, wrote how his friend at the NSA defines a CA: someone whom you know can violate your security policy without getting caught.
Well, now it has been proved that it is possible to spoof a certificate so that it appears to be signed by a trusted CA.
An interesting presentation shows how, by exploiting the weakness of MD5, the presenters can create a rogue CA certificate.
Moral of the story: don't use MD5 to sign certificates.
UPDATE: you can use an IPS to block HTTPS sessions that use SSL certificates signed with an MD5 hash.
UPDATE2: there is a Firefox plugin to block MD5-signed certificates.