On 2 Jan 2009, at 11:30, Pedro Melo wrote:

Hi,

On Dec 31, 2008, at 4:32 PM, Ralph J.Mayer wrote:

for real, the browser manufacturers will just blacklist it. It's really quite
straightforward.

That's NOT the problem.

What they showed is:
- predictable serial numbers suck
- MD5 is weak enough to find a useable collision within a few days on a
cluster of 200 PS3s (if you don't own that many PS3s, go to Amazon
EC2)

Actually, I think what we could take from all this is a suggestion to all XMPP client developers to not accept as valid an MD5 signature on certificates.

After reading some articles online, my feeling is that the whole thing puts the shame on the browser vendors, because they are the ones still accepting MD5 as a secure signature method for certificates. I would hope that the next version of my browser would warn me the same way it warns about a self-signed certificate if it only includes an MD5 signature.

Another conclusion is that it is now proven that MD5 is not very useful for authentication, so moving away from MD5-based digest authentication is a good thing.

/O
