[nycbug-talk] [ccc related] MD5 considered harmful today

dingo dingo at 1984.ws
Wed Dec 31 02:16:27 EST 2008

On Wed, 31 Dec 2008 01:01:38 -0500, "Jesse Callaway" <bonsaime at gmail.com> wrote:
> On Tue, Dec 30, 2008 at 9:19 PM, Miles Nordin <carton at ivy.net> wrote:
>> >>>>> "cs" == Charles Sprickman <spork at bway.net> writes:
>>    cs> https://www.win.tue.nl/hashclash/rogue-ca/
>> ``Until Firefox 3 and IE 7, certificate revocation was disabled by
>>  default. Even in the latest versions, the browsers rely on the
>>  certificate to include a URL pointing to a revocation server.''
> man that sucks... so even if this issue in the paper is addressed, it
> won't matter until the browsers fix the revocation mechanism.

No. It won't matter until everyone stops pretending x509 isn't a
total piece of ass created by monopolies and telcos to profit
off the internet. It's all horse shit. Certs don't matter.

Give this a read:

and the next time you see the heading "MD5 considered harmful" in relation
to x509 certs and ssl, you'll say "Duh."

>> pwaaaahahaha!  rapidssl ist gePWNen!
> I'll have to throw in the part that really wowed me... frankly I can barely
> wrap my head around the POTS creation of signed certs, but maybe I'm
> Too many damn tiers... should rather be based on many peers, but I'll write
> the paper up later on this though : )
> "It turned out to be possible to hide [MD5] collision blocks inside
> moduli while even assuring the security of the pairs of moduli as being both
> products of sufficiently large primes. "
> -jesse
