On Fri, Jan 2, 2009 at 5:51 AM, Johansson Olle E <[email protected]> wrote:
>
> On 2 Jan 2009, at 11.30, Pedro Melo wrote:
>
>> Hi,
>>
>> On Dec 31, 2008, at 4:32 PM, Ralph J.Mayer wrote:
>>
>>>> for real, the browser manufacturers will just blacklist it. It's really
>>>> quite straightforward.
>>>
>>> That's NOT the problem.
>>>
>>> What they showed is:
>>> - predictable serial numbers suck
>>> - MD5 is weak enough to find a usable collision within a few days on
>>>   a cluster of 200 PS3s (if you don't own that many PS3s, go to Amazon
>>>   EC2)
>>
>> Actually, I think what we could take from all this is a suggestion to all
>> XMPP client developers to not accept as valid an MD5 signature on
>> certificates.
>>
>> After reading some articles online, my feeling is that the whole thing
>> puts the shame on the browser vendors, because they are the ones still
>> accepting MD5 as a secure signature method for certificates. I would hope
>> that the next version of my browser would warn me the same way it warns
>> about self-signed certificates if it only includes an MD5 signature.
>
> Another conclusion is that it is now proven that MD5 is not very useful for
> authentication,

No, this is not correct. Authentication is a security function, not a
particular algorithm. There are contexts in which MD5 is still secure,
e.g., HMAC-MD5.

> so moving away from MD5-based digest authentication is a
> good thing.

I agree with this, however, if only as a form of future proofing.

-Ekr
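Pedro's suggestion above (refuse to treat an MD5-signed certificate as valid) as an added example; this is not code from the thread or from any XMPP client. It walks the DER directly with a minimal ASN.1 reader so it needs only the Python standard library, checks both the outer signatureAlgorithm and the tbsCertificate.signature field (RFC 5280 requires the two to match), and also pulls out the serial number since the thread mentions predictable serials. The certificate bytes it runs on are constructed inside the block (a structurally valid skeleton with a dummy signature value), not a real certificate; the OIDs are the PKCS #1 values for md2/md5/sha1/sha256WithRSAEncryption. It enforces exactly the distinction Ekr draws: MD5 as a certificate signature hash is rejected, while keyed uses such as HMAC-MD5 are outside this check.

```python
"""Reject X.509 certificates whose signature hash is MD5 (or MD2).

Added example for the thread above; not code from any XMPP client.
Uses a tiny DER walker so it runs on the standard library alone.
"""

# PKCS #1 signature-scheme OIDs (RFC 3279 / RFC 4055).
MD2_WITH_RSA = "1.2.840.113549.1.1.2"
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
REJECTED_SIGNATURE_OIDS = {MD2_WITH_RSA, MD5_WITH_RSA}


def _read_tlv(data, pos):
    """Parse one DER TLV at data[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(data):
        raise ValueError("truncated DER")
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(data):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated DER value")
    return tag, data[pos:end], end


def _decode_oid(raw):
    """OID content octets -> dotted form, e.g. 1.2.840.113549.1.1.4."""
    if not raw:
        raise ValueError("empty OID")
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    if value:
        raise ValueError("truncated OID")
    return ".".join(str(a) for a in arcs)


def _algorithm_oid(tag, alg_id):
    """Extract the algorithm OID from an AlgorithmIdentifier SEQUENCE."""
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    oid_tag, oid, _ = _read_tlv(alg_id, 0)
    if oid_tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def parse_signature_info(cert_der):
    """Return serial number plus inner (tbs) and outer signature OIDs.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature, ... }
    """
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tag, tbs, pos = _read_tlv(cert, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    outer_tag, outer_alg, _ = _read_tlv(cert, pos)
    tag, value, p = _read_tlv(tbs, 0)
    if tag == 0xA0:                          # optional EXPLICIT [0] version
        tag, value, p = _read_tlv(tbs, p)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    inner_tag, inner_alg, _ = _read_tlv(tbs, p)
    return {"serial": int.from_bytes(value, "big", signed=True),
            "inner": _algorithm_oid(inner_tag, inner_alg),
            "outer": _algorithm_oid(outer_tag, outer_alg)}


def accept_certificate_signature(cert_der):
    """Policy from the thread: an MD5/MD2-signed certificate is not trusted."""
    info = parse_signature_info(cert_der)
    if info["inner"] != info["outer"]:       # RFC 5280 4.1.1.2: these must agree
        return False
    return info["outer"] not in REJECTED_SIGNATURE_OIDS


# --- constructed sample input (not a real certificate) -------------------
def _tlv(tag, content):
    """DER-encode one TLV; lengths below 65536 suffice for the samples."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + content


def _encode_oid(dotted):
    """Dotted OID -> content octets (inverse of _decode_oid)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def make_sample_certificate(sig_oid, outer_oid=None, serial=0x1234):
    """Structurally valid skeleton with a dummy signature, built for this example."""
    def alg(oid):
        return _tlv(0x30, _tlv(0x06, _encode_oid(oid)) + _tlv(0x05, b""))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02"))        # version v3
                     + _tlv(0x02, serial.to_bytes(2, "big"))  # serialNumber < 0x8000
                     + alg(sig_oid))                          # inner signature field
    signature = _tlv(0x03, b"\x00" + b"\x00" * 16)            # BIT STRING, dummy
    return _tlv(0x30, tbs + alg(outer_oid or sig_oid) + signature)


if __name__ == "__main__":
    for name, oid in (("md5WithRSA", MD5_WITH_RSA), ("sha256WithRSA", SHA256_WITH_RSA)):
        cert = make_sample_certificate(oid)
        print(name, parse_signature_info(cert), accept_certificate_signature(cert))
```

The sample omits issuer, validity, subject and public key, because the policy check only reads the leading fields; a real client would of course run this alongside normal chain validation, not instead of it.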
