
Re: "Certification Authorities are recommended to stop using MD5 altogether"



On Wednesday, 31 December 2008, Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Could some skilled person comment on the article?
>
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption".
> Reason to worry?
>

It is a problem. It's a reason to worry.
But it is only one of many. 
(They mentioned that in their presentation: It's a matter
of trust :-) )
Don't trust certificates too much.

See following links for more information:

Homepage Peter Gutmann:
http://www.cs.auckland.ac.nz/~pgut001/
http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf

Peter Gutmann, PKI: It's Not Dead, Just Resting 2002
http://www2.computer.org/portal/web/csdl/doi/10.1109/MC.2002.1023787

On the Security of Today’s Online Electronic Banking Systems 
http://dx.doi.org/10.1016/S0167-4048(02)00312-7

Quite old, but you get the message...


Hope that helps...
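
Added example, not part of the original message or of the ca-certificates package: a Python check for the observation quoted above, reading the outer signatureAlgorithm OID of each certificate in a PEM bundle and flagging md5WithRSAEncryption. The function names and the two skeletal sample structures are constructed for illustration.

```python
import base64, re

# Signature-algorithm OID to flag: md5WithRSAEncryption, as quoted in the message above.
WEAK = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0   # valid for first arcs 0 and 1
    for b in body[1:]:                     # base-128, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def outer_sig_oid(der):
    """OID of Certificate.signatureAlgorithm, the field right after tbsCertificate."""
    _, start, _ = read_tlv(der, 0)                 # Certificate ::= SEQUENCE
    _, _, tbs_end = read_tlv(der, start)           # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)       # AlgorithmIdentifier
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])

def weak_certs(pem_bundle):
    """Return (index, algorithm name) for each certificate signed with a WEAK algorithm."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_bundle, re.S)
    oids = [outer_sig_oid(base64.b64decode(b)) for b in blocks]
    return [(i, WEAK[o]) for i, o in enumerate(oids) if o in WEAK]

# Constructed sample: two skeletal DER structures with the certificate layout, not real certificates.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body          # short-form length only (< 128 bytes)
def _skeleton(oid_hex):
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    der = _tlv(0x30, _tlv(0x30, _tlv(0x02, b"\x01") + alg) + alg + _tlv(0x03, b"\x00\xaa"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()
SAMPLE = _skeleton("2a864886f70d01010b") + _skeleton("2a864886f70d010104")  # sha256, then md5
```

`weak_certs` takes the text of any PEM bundle; the index it returns is the certificate's position in that file.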

