Become a fan of Slashdot on Facebook


Forgot your password?

Comment: Re:No weakness (Score 1) 300

by JakusMinimus (#26269403) Attached to: CCC Create a Rogue CA Certificate

Firstly, from this article:

The attack is based on known weaknesses in the cryptographic hash function known as MD5. In 2004, researchers from China showed it was possible to generate the same MD5 fingerprint for two different messages using off-the-shelf computer hardware. Three years later, a separate group of researchers - many who participated in Tuesday's presentation in Berlin - built off of those findings by showing how to have almost complete freedom in the choice of both messages.

Maybe I am missing some precision thrust of meaning with your choice of words but my understanding is that the researchers utilized brute force to readily take advantage of a known weakness of MD5. No, it is not broken for everything, but it is most definitively broken for use within the PKI infrastructure (signing certificates).

The degree of technical confidence is inversely proportional to the level of management.