[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "Certification Authorities are recommended to stop using MD5 altogether"

On Mittwoch, 31. Dezember 2008, Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
> Could some skilled person comment on the article?
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
> Reason to worry?

It is a problem. It's a reason to worry.
But it is only one of many. 
(They mentioned that in their presentation: It's a matter
of trust :-) )
Don't trust certificates too much.

See following links for more information:

Homepage Peter Gutman:

Peter Gutman, PKI: It's Not Dead, Just Resting 2002

On the Security of Today’s Online Electronic Banking Systems 

Quite old, but you get the message...

Hope that helps...

Reply to: