At Tue, 30 Dec 2008 11:51:06 -0800 (PST),
"Hal Finney" wrote:
> Therefore the highest priority should be for the six bad CAs to change
> their procedures, at least start using random serial numbers and move
> rapidly to SHA1. As long as this happens before Eurocrypt or whenever
> the results end up
Re: http://www.win.tue.nl/hashclash/rogue-ca/
Key facts:
- 6 CAs were found still using MD5 in 2008: RapidSSL, FreeSSL, TC
TrustCenter AG, RSA Data Security, Thawte, verisign.co.jp. "Out of the
30,000 certificates we collected, about 9,000 were signed using MD5,
and 97% of those were is
On Dec 30, 2008, at 2:11 PM, Jerry Leichter wrote:
On Dec 30, 2008, at 4:40 PM, Jon Callas wrote:
We don't have a formal definition of what we mean by random. My
definition is that it needs to be unguessable. If I have a random
number and the work factor for you to guess it is more or less
On Dec 30, 2008, at 4:40 PM, Jon Callas wrote:
We don't have a formal definition of what we mean by random. My
definition is that it needs to be unguessable. If I have a random
number and the work factor for you to guess it is more or less its
randomness. It's a Shannonesque way of looking t
The thing that bothers me about this description is the too-easy
jump between "chaotic" and "random". They're different concepts,
and chaotic doesn't imply random in a cryptographic sense: It may
be possible to induce bias or even some degree of predictability in
a chaotic system by man
Sidney Markowitz wrote, On 31/12/08 10:08 AM:
> or that CA root certs that use MD5 for their hash are
> still in use and have now been cracked?
I should remember -- morning coffee first, then post.
The CA root certs themselves have not been cracked -- It is the digital
signatures created by some
http://www.cs.columbia.edu/~smb/blog//2008-12/2008-12-30.html
Steve mentions the social pressures involved in disclosing the vulnerability:
Verisign, in particular, appears to have been caught short. One of the CAs
they operate still uses MD5. They said:
The RapidSSL certificates are current
http://blog.wired.com/27bstroke6/2008/12/berlin.html
More coverage on the MD5 collisions.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates
By Ed Felten - Posted on December 30th, 2008 at 11:18 am
Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov,
Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David
M
On Tue, Dec 30, 2008 at 11:45:27AM -0500, Steven M. Bellovin wrote:
> Of course, every time a manufacturer has tried it, assorted people
> (including many on this list) complain that it's been sabotaged by the
> NSA or by alien space bats or some such.
Well, maybe it has. Or maybe it was just not
Hello,
I wanted to chime in more during the previous x509 discussions but I was
delayed by some research.
I thought that I'd like to chime in that this new research about
attacking x509 is now released. We gave a talk about it at the 25c3
about an hour or two ago.
MD5 considered harmful today: C
On Sun, 28 Dec 2008 23:49:06 -0500
Jack Lloyd wrote:
> On Sun, Dec 28, 2008 at 08:12:09PM -0500, Perry E. Metzger wrote:
> >
> > Semiconductor laser based RNG with rates in the gigabits per second.
> >
> > http://www.physorg.com/news148660964.html
> >
> > My take: neat, but not as important as
Begin forwarded message:
Date: Tue, 30 Dec 2008 11:05:28 -0500
From: Russ Housley
To: ietf-p...@imc.org, ietf-sm...@imc.org, s...@ietf.org, c...@irtf.org
Subject: [saag] Further MD5 breaks: Creating a rogue CA certificate
http://www.win.tue.nl/hashclash/rogue-ca/
MD5 considered harmful today
Hi all,
Today, 30 December 2008, at the 25th Annual Chaos Communication Congress in
Berlin,
we announced that we are currently in possession of a rogue Certification
Authority certificate. This certificate will be accepted as valid and trusted
by
all common browsers, because it appears to be si
http://www.networkworld.com/community/node/36704
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Tue, Dec 30, 2008 at 4:25 AM, Peter Gutmann
wrote:
> Ben Laurie writes:
>
>>what happens when the cert rolls? If the key also changes (which would seem
>>to me to be good practice), then the site looks suspect for a while.
>
> I'm not aware of any absolute figures for this but there's a lot of
Ben Laurie writes:
>what happens when the cert rolls? If the key also changes (which would seem
>to me to be good practice), then the site looks suspect for a while.
I'm not aware of any absolute figures for this but there's a lot of anecdotal
evidence that many cert renewals just re-certify the
On Mon, Dec 29, 2008 at 10:10 AM, Peter Gutmann
wrote:
> David Molnar writes:
>
>>Service from a group at CMU that uses semi-trusted "notary" servers to
>>periodically probe a web site to see which public key it uses. The notaries
>>provide the list of keys used to you, so you can attempt to dete
David Molnar writes:
>Service from a group at CMU that uses semi-trusted "notary" servers to
>periodically probe a web site to see which public key it uses. The notaries
>provide the list of keys used to you, so you can attempt to detect things
>like a site that has a different key for you than p
On Sun, Dec 28, 2008 at 08:12:09PM -0500, Perry E. Metzger wrote:
>
> Semiconductor laser based RNG with rates in the gigabits per second.
>
> http://www.physorg.com/news148660964.html
>
> My take: neat, but not as important as simply including a decent
> hardware RNG (even a slow one) in all PC
On Dec 28, 2008, at 8:12 PM, Perry E. Metzger wrote:
Semiconductor laser based RNG with rates in the gigabits per second.
http://www.physorg.com/news148660964.html
My take: neat, but not as important as simply including a decent
hardware RNG (even a slow one) in all PC chipsets would be.
Tru