Security Corner Update
Ken Harthun
January 7, 2009 - 5:22 pm

Latest Posting to Security Corner: MD5 Hashing Algorithm No Longer Safe
Posted by: Ken Harthun

Just last week, two German security researchers, Alex Sotirov and Jacob Appelbaum, made a surprising announcement at the Chaos Communication Conference in Berlin: they had created a fraudulent Certificate Authority (CA) that had a valid signature from a root CA, Equifax, one of the oldest. The ramifications of this are far-reaching. Imagine what will happen if cyber criminals generate fraudulent certificates. [url=http://itknowledgeexchange.techtarget.com/security-corner/md5-hashing-algorithm-no-longer-safe/]Read the entire post.[/url]

Chad Johnson
January 8, 2009 - 5:04 pm

Ken, for the security ignorant among us (including myself), can you elaborate a bit on what root CA valid signatures even are and what they do? Is this like a SSL certificate?

Thank you thank you!!

Ken Harthun
January 9, 2009 - 4:13 pm

[quote="Ziggie"]Ken, for the security ignorant among us (including myself), can you elaborate a bit on what root CA valid signatures even are and what they do? Is this like a SSL certificate?[/quote]

Hi Ziggie,

Yes, MD5 is a hash algorithm that has been used to verify the identity of the issuers of SSL certificates. Hash algorithms are used to reduce large data files to a simple, unique number that can then be used to identify the data in the same way that fingerprints identify humans. Valid root CA signatures on a certificate mean that the CA has verified--through documentation, research, etc.--the identity of the issuer. You could get a certificate of your own if you wanted to provide a secure website that people would access using https://. The CA would ask you for certain identity information and when they were certain it was valid, would issue a signed SSL certificate to you.

Hope this clears it up a bit for you. I may do a newsletter article on the subject soon.
