Comments on: MD5 is really seriously broken this time

By: Tom Scheetz

Tom Scheetz — Sat, 23 Jan 2010 16:41:36 +0000

I have used equifax in the past and found the service to be quite good. Most of the credit rating services are fairly similar eitherway

By: Security Musings » Blog Archive » Basic Certificate Reading

Security Musings » Blog Archive » Basic Certificate Reading — Wed, 08 Jul 2009 15:03:07 +0000

[...] You’ll also be able to tell if a website is using the MD5 hashing algorithm, which is seriously broken this time. [...]

By: Laura Raderman

Laura Raderman — Thu, 23 Apr 2009 17:09:35 +0000

As of that morning, all new attacks were stopped. The weaknesses in MD5 that allowed this attack have been known since 2005, and just because this group of researchers was the first to publicize it does not mean that there are not other rogue CAs in existence. So yes, the vulnerability can no longer be exploited. But if it was ever exploited in the past, there’s still risk to anyone who depends on the RapidSSL CA.

By: KR

KR — Thu, 23 Apr 2009 17:04:01 +0000

On December 30, 2008 at the Chaos Communication Congress in Berlin, three researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL Certificate using the RapidSSL brand of certificates.
VeriSign are happy to announce that this attack articulated was rendered ineffective for all SSL Certificates available from VeriSign by 11am PST of the same day.

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=S:AR1050&actp=search&searchid=1233050826955
****
End all is:
This vulnerabilty no longer exists.

By: Security Musings » Blog Archive » PowerShell - Making life easier

Security Musings » Blog Archive » PowerShell - Making life easier — Tue, 17 Feb 2009 23:02:46 +0000

[...] Today’s tutorial is anything new, but just thought I’d share some recent experience with Microsoft’s PowerShell. I’ve been playing around with PowerShell (PS) for a little while now, but nothing too extravagant, I’m not an administrator so I don’t have hundreds of little tasks I have to do on a daily basis (unless I can write a script to help me wake up and get ready in the morning.. C:>Set-TeethClean ? ) – Anyways, I was recently tasked with doing some rudimentary task of searching through the Windows Certificate store and finding all CAs that were signed with MD5. If MD5 rings a bell its most likely because of this. [...]

By: Laura Raderman

Laura Raderman — Mon, 09 Feb 2009 15:34:17 +0000

The fingerprint of the certificate is not the same as the hash located inside of the certificate. The fingerprint is just a way for you to verify the entire certificate. In this particular case (if the certificate is not valid), the fingerprint will not match the “real” certificate, but you’d have to find someone at the CA who would go into the certificate data base (if they keep it – they usually do) to check for the matching fingerprint. Your browser is computing that hash for you. It’s not terribly useful unless you know the owner of the CA (especially in the case of self-signed certificates).

By: katie

katie — Sun, 08 Feb 2009 04:45:54 +0000

So, I want to go to https://feedback.shmoocon.org but I see that their cert was issued by Equifax Secure Global eBusiness CA-1. I see that the cert has both an MD5 fingerprint and a SHA1 fingerprint. Does the SHA1 fingerprint mean I can trust this cert? I.e., does it in some sense override the collision vulnerability of the MD5 fingerprint?

By: nm23728

nm23728 — Wed, 31 Dec 2008 13:08:23 +0000

deleting one at a time will help only so little – CRL’s have to be published, regularly, and easy enough for normal users of IE, FF, SAF, OP etc
also NEVER set an expiry date to 20 years in the future! i would review every algorithm after a few years anyways

By: Security Musings » Blog Archive » How to Distrust a CA

Security Musings » Blog Archive » How to Distrust a CA — Tue, 30 Dec 2008 19:18:18 +0000

[...] RSS Feed Search « MD5 is really seriously broken this time [...]