Exploiting Weaknesses in the MD5 Hash Algorithm to Subvert Security on the Web
Source: Entrust
A group of renowned researchers has published some of the details of their exploitation of a vulnerability in the MD5 hash algorithm. The advance they describe would allow an attacker to create fraudulent Web-site certificates with which they could launch a phishing or man-in-the-middle attack on an eCommerce, eBanking or eGovernment Web-site, resulting in identity theft and/or financial loss for the site's users. This advance has been anticipated for some time. And, it confirms, once and for all, that MD5 is no longer secure for use in signature applications, such as SSL certificates. Platform suppliers may, in the near future, eliminate the MD5 algorithm from their cryptographic suites, thereby causing site certificates that use MD5 to fail.
| Format: | Size: | 348.40 | |
| Date: | Jan 2009 |
People who downloaded this item also downloaded
- Snapfish Builds a Massive, High-Performing, Scalable Storage Infrastructure With HP Scalable NAS and EVA and MSA Storage Arrays
- Seven Steps to Digital Signature Implementation
- An Anomaly-Based Intrusion Detection Architecture to Secure Wireless Networks
- Advantages and Disadvantages of EFS and Effective Recovery of Encrypted Data
- Elliptic Curve Cryptography on Smart Cardswithout Coprocessors
