Comments on: SSL MD5 – Busted Wide Open With 200 PS3s http://www.insanit.net/video-games/ssl-md5-busted-wide-open-with-200-ps3s/ The random crazy thoughts of yet another information technology guy. Wed, 10 Mar 2010 11:15:01 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Technology » Blog Archive » Secure Sockets Layer ( Ssl ) « Network http://www.insanit.net/video-games/ssl-md5-busted-wide-open-with-200-ps3s/comment-page-1/#comment-1155 Technology » Blog Archive » Secure Sockets Layer ( Ssl ) « Network Mon, 23 Feb 2009 15:54:49 +0000 http://insanit.net/?p=293#comment-1155 [...] InsanIT.net » Blog Archive » SSL MD5 - Busted Wide Open With 200 PS3s [...] [...] InsanIT.net » Blog Archive » SSL MD5 – Busted Wide Open With 200 PS3s [...]

]]> By: Technology » Blog Archive » Cnlogger Article » Don’T Steal My Information! http://www.insanit.net/video-games/ssl-md5-busted-wide-open-with-200-ps3s/comment-page-1/#comment-1067 Technology » Blog Archive » Cnlogger Article » Don’T Steal My Information! Sun, 08 Feb 2009 03:08:06 +0000 http://insanit.net/?p=293#comment-1067 [...] InsanIT.net » Blog Archive » SSL MD5 - Busted Wide Open With 200 PS3s [...] [...] InsanIT.net » Blog Archive » SSL MD5 – Busted Wide Open With 200 PS3s [...]

]]> By: Arah http://www.insanit.net/video-games/ssl-md5-busted-wide-open-with-200-ps3s/comment-page-1/#comment-985 Arah Wed, 31 Dec 2008 23:02:02 +0000 http://insanit.net/?p=293#comment-985 I think you're a tad mistaken yourself. My point is MD5 is flawed. We've known it for years and we just need to get rid of it. Period. That's all I'm really saying. (That and how cool it was to use a cluster of PS3s running Linux.) Sorry if it didn't come through clearly enough. And thanks for visiting and giving your input. :) I think you’re a tad mistaken yourself. My point is MD5 is flawed. We’ve known it for years and we just need to get rid of it. Period. That’s all I’m really saying. (That and how cool it was to use a cluster of PS3s running Linux.) Sorry if it didn’t come through clearly enough.

And thanks for visiting and giving your input. :)

]]> By: SugarSweet http://www.insanit.net/video-games/ssl-md5-busted-wide-open-with-200-ps3s/comment-page-1/#comment-983 SugarSweet Tue, 30 Dec 2008 22:53:00 +0000 http://insanit.net/?p=293#comment-983 Correction: MD5/SHA-2/hash-function is used to verify that what the client thinks it sent/received is the same as what the server sent/received (a MAC of the handshake). Correction: MD5/SHA-2/hash-function is used to verify that what the client thinks it sent/received is the same as what the server sent/received (a MAC of the handshake).

]]> By: SugarSweet http://www.insanit.net/video-games/ssl-md5-busted-wide-open-with-200-ps3s/comment-page-1/#comment-982 SugarSweet Tue, 30 Dec 2008 22:45:04 +0000 http://insanit.net/?p=293#comment-982 I believe you are mistaken on what is actually broken. This is not about the use of MD5 for the symmetric encryption used in the first part of the SSL handshake. This is about using MD5 to sign (hash) a certificate. A certificate signed with MD5 can still be used in an SSL handshake using a more secure crypto function, such as SHA-2. There currently isn't an easy way to disable the accepting of a certificate signed with MD5 in a browser. You can disable the support of MD5 in the SSL handshake, but this does not address the issue. I believe you are mistaken on what is actually broken. This is not about the use of MD5 for the symmetric encryption used in the first part of the SSL handshake. This is about using MD5 to sign (hash) a certificate. A certificate signed with MD5 can still be used in an SSL handshake using a more secure crypto function, such as SHA-2.

There currently isn’t an easy way to disable the accepting of a certificate signed with MD5 in a browser. You can disable the support of MD5 in the SSL handshake, but this does not address the issue.

]]>