nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5

From: "Robert Mathews (OSIA)" <mathews () hawaii edu>
Date: Fri, 02 Jan 2009 12:56:19 -0500

Joe Greco wrote:

 [ ....  ]

Either we take the potential for transparent MitM attacks seriously, or 
we do not.  I'm sure the NSA would prefer "not."  :-)

As for the points raised in your message, yes, there are additional
problems with clients that have not taken this seriously.  It is, however,
one thing to have locks on your door that you do not lock, and another
thing entirely not to have locks (and therefore completely lack the
ability to lock).  I hope that there is some serious thought going on in
the browser groups about this sort of issue.

 [ ... ]

... JG


F Y I, see:

SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad'
certificates @
http://www.codefromthe70s.org/sslblacklist.aspx

Best.

Current thread:

Re: Security team successfully cracks SSL using 200 PS3's and MD5, (continued)
- - - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Valdis . Kletnieks (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Jason Uhlenkott (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Matthew Kaufman (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Michael Sinatra (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Colin Alston (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Mark Andrews (Jan 05)
    - DNSSEC vs. X509 (Re: Security team successfully cracks SSL...) Paul Vixie (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Mark Andrews (Jan 05)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 Stasiniewicz, Adam (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Robert Mathews (OSIA) (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Dragos Ruiu (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Gadi Evron (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Dragos Ruiu (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Christopher Morrow (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 William Warren (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Dorn Hetzel (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Marshall Eubanks (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Steven M. Bellovin (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Christopher Morrow (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Steven M. Bellovin (Jan 03)

(Thread continues...)