>
http://www.win.tue.nl/hashclash/rogue-ca/>
>Ya it required 200 PS3's to do it. Basicly by exploiting a flaw in the MD5 cryptographic algorithm they were able to create a rogue Certification Authority which allows them to create their own SSL certificates.
MS has an advisory at
http://www.microsoft.com/technet/security/advisory/961509.mspxModern certs based on SHA-1 are not affected, and the MD5 hack is still not "practical" (for now, anyways).
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up