cluster those PS3s
OK, this is kinda of interesting.
A 200 clustered PS3s made it possible to forge certificates using MD-5 for the signing algorithm.
It was only a matter of time, I mean this was brought up like 4 years ago or something. But it is good to see that it was done, and with relatively cheap hardware. The thing I find humorous is that they are claiming to have broken SSL. Nope, sorry, you broke some certificates that some people use for SSL. This is not a flaw in SSL as much as it is a flaw in the hashing algorithm used by some CAs, or a flaw in the browsers that still associate a default trust for such CAs. Nothing like using scary words to get attention.
Maybe verisign well stop using MD-2 for some of their root certificates.
Happy new year
A 200 clustered PS3s made it possible to forge certificates using MD-5 for the signing algorithm.
It was only a matter of time, I mean this was brought up like 4 years ago or something. But it is good to see that it was done, and with relatively cheap hardware. The thing I find humorous is that they are claiming to have broken SSL. Nope, sorry, you broke some certificates that some people use for SSL. This is not a flaw in SSL as much as it is a flaw in the hashing algorithm used by some CAs, or a flaw in the browsers that still associate a default trust for such CAs. Nothing like using scary words to get attention.
Maybe verisign well stop using MD-2 for some of their root certificates.
Happy new year