Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

From: Florian Weimer (no email)
Date: Sat Jan 03 2009 - 15:01:37 EST

Next message: Florian Weimer: "Re: Security team successfully cracks SSL using 200 PS3's and MD5"

Previous message: Marshall Eubanks: "Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw."
Maybe in reply to: Rodrick Brown: "Security team successfully cracks SSL using 200 PS3's and MD5 flaw."
Next in thread: Florian Weimer: "Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

* Hank Nussbacher:

> On Fri, 2 Jan 2009, Mikael Abrahamsson wrote:
>
>> MD5 is broken, don't use it for anything important.
>
> You mean like for BGP neighbors?

Good point. However, as a defense against potential blind injection
attacks, even an unhashed password in a TCP option would do the trick
(at least in the non-IXP case, IXPs may pose different challenges).

> Wanna suggest an alternative? :-)

Just switch on IPsec. 8-)

Next message: Florian Weimer: "Re: Security team successfully cracks SSL using 200 PS3's and MD5"

Previous message: Marshall Eubanks: "Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw."
Maybe in reply to: Rodrick Brown: "Security team successfully cracks SSL using 200 PS3's and MD5 flaw."
Next in thread: Florian Weimer: "Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs