Security by asking the drunk whether he's drunk

Sidney Markowitz sidney at sidney.com
Tue Dec 30 16:21:11 EST 2008


Sidney Markowitz wrote, On 31/12/08 10:08 AM:
> or that CA root certs that use MD5 for their hash are
> still in use and have now been cracked?

I should remember -- morning coffee first, then post.

The CA root certs themselves have not been cracked -- it is the digital
signatures created by some CAs who still use MD5 to sign the certs that
they issue that have been hacked: The known weakness in MD5 allows one
to create two certs with the same MD5 hash, one that is legitimate to
get signed by the CA, and another one for rogue use that can be given
the same signature.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
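
Added example, not part of the original post: a toy hash-then-sign model of the point made above, that a CA signature covers only the digest, so two certificate bodies with the same digest share one signature. Everything here is an assumption made for the demo: the tiny RSA key, the made-up certificate bodies, and MD5 truncated to 24 bits with a brute-force search standing in for the real MD5 collision technique.

```python
import hashlib
from itertools import count

# Toy parameters (assumptions for this demo): tiny RSA primes and MD5 truncated
# to 24 bits so a collision is findable by brute force in well under a second.
P, Q, E = 104729, 1299709, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # the toy CA's private exponent


def weak_digest(tbs: bytes) -> int:
    """Stand-in for a collision-prone hash: the first 3 bytes of MD5."""
    return int.from_bytes(hashlib.md5(tbs).digest()[:3], "big")


def ca_sign(tbs: bytes) -> int:
    """Hash-then-sign: the CA's signature covers only the digest."""
    return pow(weak_digest(tbs), D, N)


def verify(tbs: bytes, sig: int) -> bool:
    """Relying-party check: recover the digest from sig and compare."""
    return pow(sig, E, N) == weak_digest(tbs)


def colliding_pair():
    """Find one 'legitimate' and one 'rogue' body with equal weak digests."""
    seen = {}
    for i in range(20000):
        body = b"CN=shop.example;CA=FALSE;pad=%d" % i   # constructed sample
        seen[weak_digest(body)] = body
    for j in count():
        body = b"CN=rogue.example;CA=TRUE;pad=%d" % j   # constructed sample
        if weak_digest(body) in seen:
            return seen[weak_digest(body)], body


def demo():
    legit, rogue = colliding_pair()
    sig = ca_sign(legit)            # the CA only ever sees the legitimate body
    return legit, rogue, sig, verify(rogue, sig)


if __name__ == "__main__":
    legit, rogue, sig, ok = demo()
    print(legit, rogue, sep="\n")
    print("signature valid on the body the CA never saw:", ok)
```

Verification succeeds on the second body because the check compares the signature against the digest, never against the bytes the CA actually reviewed.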


