25C3: MD5 collisions crack CA certificate (heise online)
Posted Dec 31, 2008 19:28 UTC (Wed) by flewellyn
In reply to: 25C3: MD5 collisions crack CA certificate (heise online)
Parent article: 25C3: MD5 collisions crack CA certificate (heise online)
According to the article, that might be problematic:
The infrastructure of Certification Authorities is meant to prevent this kind of attack, but despite warnings, some root CAs are still using MD5, leaving people potentially exposed to the possibility of forged certificates. The team found the following CAs still using MD5; RapidSSL, FreeSSL, TC TrustCenter AG, RSA Data Security, Thawte and verisign.co.jp. They collected 30,000 certificates and found 9,000 of them were signed with MD5 and of them, 97 per cent were issued by RapidSSL. Because of this and other attributes of RapidSSL's procedures, such as use of sequential serial numbers in issued certificates, the researchers examined RapidSSL's certificates in greater depth.