Nelson B Bolyard wrote, On 2008-12-30 08:39: > For years we've been reading stories of researchers making more and more > progress on "breaking" MD5. Well, now they've made enough progress that > it is possible to forge some certificates that use MD5 in their signatures. > > You're going to be seeing a lot of breathless stuff in the media about this, > such as http://blogs.zdnet.com/security/?p=2339
I meant to add: The paper with the real facts is seen at http://www.win.tue.nl/hashclash/rogue-ca/ > The upshot of this is probably going to be that, in a short time, all > the world's browsers (and PKI software in general) stop supporting MD5 > for use in digital signatures. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
