On Dec 28, 2008, at 8:12 PM, Perry E. Metzger wrote:
Semiconductor laser based RNG with rates in the gigabits per second.
http://www.physorg.com/news148660964.html
My take: neat, but not as important as simply including a decent
hardware RNG (even a slow one) in all PC chipsets would be.
On Sun, Dec 28, 2008 at 08:12:09PM -0500, Perry E. Metzger wrote:
Semiconductor laser based RNG with rates in the gigabits per second.
http://www.physorg.com/news148660964.html
My take: neat, but not as important as simply including a decent
hardware RNG (even a slow one) in all PC
David Molnar dmol...@eecs.berkeley.edu writes:
Service from a group at CMU that uses semi-trusted notary servers to
periodically probe a web site to see which public key it uses. The notaries
provide the list of keys used to you, so you can attempt to detect things
like a site that has a
On Mon, Dec 29, 2008 at 10:10 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
David Molnar dmol...@eecs.berkeley.edu writes:
Service from a group at CMU that uses semi-trusted notary servers to
periodically probe a web site to see which public key it uses. The notaries
provide the list of
Ben Laurie b...@google.com writes:
what happens when the cert rolls? If the key also changes (which would seem
to me to be good practice), then the site looks suspect for a while.
I'm not aware of any absolute figures for this but there's a lot of anecdotal
evidence that many cert renewals just
On Tue, Dec 30, 2008 at 4:25 AM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Ben Laurie b...@google.com writes:
what happens when the cert rolls? If the key also changes (which would seem
to me to be good practice), then the site looks suspect for a while.
I'm not aware of any absolute
http://www.networkworld.com/community/node/36704
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Hi all,
Today, 30 December 2008, at the 25th Annual Chaos Communication Congress in
Berlin,
we announced that we are currently in possession of a rogue Certification
Authority certificate. This certificate will be accepted as valid and trusted
by
all common browsers, because it appears to be
Begin forwarded message:
Date: Tue, 30 Dec 2008 11:05:28 -0500
From: Russ Housley hous...@vigilsec.com
To: ietf-p...@imc.org, ietf-sm...@imc.org, s...@ietf.org, c...@irtf.org
Subject: [saag] Further MD5 breaks: Creating a rogue CA certificate
http://www.win.tue.nl/hashclash/rogue-ca/
MD5
Hello,
I wanted to chime in more during the previous x509 discussions but I was
delayed by some research.
I thought that I'd like to chime in that this new research about
attacking x509 is now released. We gave a talk about it at the 25c3
about an hour or two ago.
MD5 considered harmful today:
On Tue, Dec 30, 2008 at 11:45:27AM -0500, Steven M. Bellovin wrote:
Of course, every time a manufacturer has tried it, assorted people
(including many on this list) complain that it's been sabotaged by the
NSA or by alien space bats or some such.
Well, maybe it has. Or maybe it was just not
http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates
By Ed Felten - Posted on December 30th, 2008 at 11:18 am
Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov,
Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David
http://blog.wired.com/27bstroke6/2008/12/berlin.html
More coverage on the MD5 collisions.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
http://www.cs.columbia.edu/~smb/blog//2008-12/2008-12-30.html
Steve mentions the social pressures involved in disclosing the vulnerability:
Verisign, in particular, appears to have been caught short. One of the CAs
they operate still uses MD5. They said:
The RapidSSL certificates are
Re: http://www.win.tue.nl/hashclash/rogue-ca/
Key facts:
- 6 CAs were found still using MD5 in 2008: RapidSSL, FreeSSL, TC
TrustCenter AG, RSA Data Security, Thawte, verisign.co.jp. Out of the
30,000 certificates we collected, about 9,000 were signed using MD5,
and 97% of those were
15 matches
Mail list logo