Re: KARL, YOU ARE WRONG. in http://www.dslreports.com/forum/r21669579 en Sat, 28 Nov 2009 16:23:58 EDT Sat, 28 Nov 2009 16:23:58 EDT Re: KARL, YOU ARE WRONG. http://www.dslreports.com/forum/remark,21672245 sporkme :
said by k1ll3rdr4g0n See Profile :

[
If MD6 is available, why not use THAT in certificates instead of MD5?
Hell, why not just turn it all the way up to MD11???]]> http://www.dslreports.com/forum/remark,21672245 Fri, 02 Jan 2009 20:29:57 EDT Re: KARL, YOU ARE WRONG. http://www.dslreports.com/forum/remark,21670778 k1ll3rdr4g0n :
said by MxxCon See Profile :

how can you post a story without even reading it?!
THEY NEVER SAID THEY "have found a method of hacking any website".

what they did say was that they "found a way to forge certain digital certificates"

THAT'S A HUGE DIFFERENCE.

your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"

KARL, STOP SPREADING FUD!

I have to agree with you. Though they claim its just a "proof-of-concept" aka POC or Piece o' cr4p. I love how people always go "omgz its a new exploitz, lets all freak out" - and never actually demonstrates that it works. I mean what the hell people, so if I sat there and said that I found a "POC" exploit for Linux servers would you all jump out of your chair and go "I'm switching to Windows Server". I hope not (assuming I could explain exactly how it worked).

And actually this is partly the browsers fault, and the HTTPS scheme as a whole. I mean I just find the whole idea of *paying* for security a little unsecure. CA's don't maintain SSL, so why should we shell out $$$ to them? But, whatever, back to the point at hand. So lets point out the browser: its stupid. It wont tell you *what* CA verified (unless you manually look) the cert, just that its good; wait...so a cert from ABC company is as valid of a cert from verisign? Uhhh...I see something wrong with that myself but regardless.

I actually did see that a long time ago that 2 (chinese?) people claimed to have "broken" the MD5 algorithm (they claimed they were able to determine collisions or something like that...). They never posted any evidence, just that they broke it. Here it is, what a couple years later, I haven't seen a story on how MD5 is really broken, have you? What makes that even more of a laugh is that MD5 isn't an encryption, its just a hash algorithm. What makes THIS story a laugh too is that MD6 was talked about a long time and seems to be available for your greedy downloading hands.
My question I propose to you:
If MD6 is available, why not use THAT in certificates instead of MD5? After all, don't we trust in CA's to keep our sites and data secure and encrypted? I know I sure don't for my own sites/services (you might be like "wtf?", but I am coming with a solution to that).

In my conclusion, its merely just a response to increase of technology. Its like saying you can find the prime numbers to a 20 digit (I don't know, some obscene number) composite number in a matter of seconds on a quad core, with 64bit os with 4GBs of RAM. Yeah, its defiantly going to make that large number look like nothing on modern technology, but when the number was put out there - the technology at the time couldn't handle it. So - there's nothing to see here, move along.]]> http://www.dslreports.com/forum/remark,21670778 Fri, 02 Jan 2009 15:34:50 EDT Re: KARL, YOU ARE WRONG. http://www.dslreports.com/forum/remark,21669579 MxxCon : they never CLAIMED to have found a method of hacking any website either.]]> http://www.dslreports.com/forum/remark,21669579 Fri, 02 Jan 2009 11:28:24 EDT Re: KARL, YOU ARE WRONG. http://www.dslreports.com/forum/remark,21669525 Cheese :
said by MxxCon See Profile :

how can you post a story without even reading it?!
THEY NEVER SAID THEY "have found a method of hacking any website".

what they did say was that they "found a way to forge certain digital certificates"

THAT'S A HUGE DIFFERENCE.

your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"

KARL, STOP SPREADING FUD!

And the article says CLAIM, not they they DID, can YOU read?]]> http://www.dslreports.com/forum/remark,21669525 Fri, 02 Jan 2009 11:17:55 EDT KARL, YOU ARE WRONG. http://www.dslreports.com/forum/remark,21669455 MxxCon : how can you post a story without even reading it?!
THEY NEVER SAID THEY "have found a method of hacking any website".

what they did say was that they "found a way to forge certain digital certificates"

THAT'S A HUGE DIFFERENCE.

your own link to our forum says »SSL security flaw with MD5 certificates announces today that's nothing even close to "hacking any website"

KARL, STOP SPREADING FUD!

--
Check out my awesome city of MxxTopia »mxxtopia.myminicity.com/ind or »mxxtopia.myminicity.com (the more people visit, the bigger it is)]]> http://www.dslreports.com/forum/remark,21669455 Fri, 02 Jan 2009 10:59:20 EDT