Re: "Certification Authorities are recommended to stop using MD5 altogether"
On Wed, 31 Dec 2008 02:39:53 +0100, Cristian Ionescu-Idbohrn wrote:
> Could some skilled person comment on the article?
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption". Reason
> to worry?
As an aside to my previous post, you may find the following link
Maybe in a few years, NSS will have disabled the use of MD5 and the
ancient MD2 algorithm. I wonder how many other insecure algorithms are
still lurking in NSS, OpenSSL, GNU TLS, Java, etc...