For years we've been reading stories of researchers making more and more progress on "breaking" MD5. Well, now they've made enough progress that it is possible to forge some certificates that use MD5 in their signatures.
You're going to be seeing a lot of breathless stuff in the media about this, such as http://blogs.zdnet.com/security/?p=2339 The upshot of this is probably going to be that, in a short time, all the world's browsers (and PKI software in general) stop supporting MD5 for use in digital signatures. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto