Ultimate Phish

December 31, 2008

So some Dutch guys figured out how to create trusted certificates using MD5 hash collisions that can pose as Ecommerce site certs. Pretty awesome research. Shame on the Root CA’s from using MD5 in the first place. I would suspect that the Browser makers will update or disable the Root CA certs in their browsers for the offenders until such time that they can issue at least Sha-1 based certs. Pretty awesome research if I do say so myself. O yea. The generated the collisions useing a whole room full of PS3 processors.

attack

Like this:

Be the first to like this post.

Posted by diocyde

Filed in Crypto ·Tags: md5 hash collision certificates phish

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Not published)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Veiled Shadows

Ultimate Phish

December 31, 2008

Like this:

Leave a Reply Cancel reply

Categories

Blogroll

Archives

Search Veiled Shadows

Tag Cloud

Follow “Veiled Shadows”