Exploiting Weaknesses in the MD5 Hash Algorithm to Subvert Security on the Web
A group of renowned researchers has published some of the details of their exploitation of a vulnerability in the MD5 hash algorithm. The advance they describe would allow an attacker to create fraudulent Web-site certificates with which they could launch a phishing or man-in-the-middle attack on an eCommerce, eBanking or eGovernment Web-site, resulting in identity theft and/or financial loss for the site's users. This advance has been anticipated for some time. And, it confirms, once and for all, that MD5 is no longer secure for use in signature applications, such as SSL certificates. Platform suppliers may, in the near future, eliminate the MD5 algorithm from their cryptographic suites, thereby causing site certificates that use MD5 to fail.