Tuesday, December 30, 2008

Bye Bye md5 SSL

We've known for a while that MD5 was weak. I can't put my finger on it, but I remember at least a couple of mathematical weaknesses that reduced its cryptographic "hardness" to crack by orders of magnitude.

Now some researchers are estimating that for about $1500 of cloud computing resources from Amazon, this can be done to MD5-based SSL certificates. I know SHA-1 has a couple of similar math-based weaknesses, so perhaps it is next. For now it reigns supreme!

