funsec mailing list archives
Re: Fake CA MD5 questions
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 31 Dec 2008 16:29:03 +0100
* Jason Ross:
To partially answer the first question anyway, a very quick and likely imprecise check of my Debian default installation of openssl contains the following 24 CA certs as using "md5WithRSAEncryption" for the Signature Algorithm:
These are self-signatures and typically not checked. When these certificates are used as issuers, they can use SHA-1, and are not restricted to MD5. (Same comment applies to the certificates with MD2 self-signatures.) Only the CA knows if they still issue certificates with MD5 signatures. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- reliable IOS exploitation Gadi Evron (Dec 29)
- Re: reliable IOS exploitation Charles Miller (Dec 29)
- Re: reliable IOS exploitation Gadi Evron (Dec 29)
- 25c3 (was: Re: reliable IOS exploitation) Jacob Appelbaum (Dec 30)
- Re: 25c3 (was: Re: reliable IOS exploitation) Colin K Rognlie (Dec 30)
- Fake CA MD5 questions Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 30)
- Re: Fake CA MD5 questions Valdis . Kletnieks (Dec 30)
- Re: Fake CA MD5 questions Valdis . Kletnieks (Dec 30)
- Re: Fake CA MD5 questions Jason Ross (Dec 30)
- Re: Fake CA MD5 questions Florian Weimer (Dec 31)
- Re: reliable IOS exploitation Charles Miller (Dec 29)