Re: "Certification Authorities are recommended to stop using MD5 altogether"
On Wed, 31 Dec 2008 02:39:53 +0100, Cristian Ionescu-Idbohrn wrote:
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Could some skilled person comment on the article?
>
> I noticed around 20 certificates distributed with the package
> ca-certificates have "Signature Algorithm: md5WithRSAEncryption". Reason
> to worry?
>
>
> Cheers,
As an aside to my previous post, you may find the following link
interesting:
https://bugzilla.mozilla.org/show_bug.cgi?id=471539
Maybe in a few years, NSS will have disabled the use of MD5 and the
ancient MD2 algorithm. I wonder how many other insecure algorithms are
still lurking in NSS, OpenSSL, GNU TLS, Java, etc...
--
Sam Morris
https://robots.org.uk/
Reply to: