Security Corner Update

Ken Harthun
January 7, 2009 - 5:22 pm

Latest Posting to Security Corner: MD5 Hashing Algorithm No Longer Safe
Posted by: Ken Harthun

Just last week, two German security researchers, Alex Sotirov and Jacob Appelbaum, made a surprising announcement at the Chaos Communication Conference in Berlin: they had created a fraudulent Certificate Authority (CA) that had a valid signature from a root CA, Equifax, one of the oldest. The ramifications of this are far-reaching. Imagine what will happen if cyber criminals generate fraudulent certificates. Read the entire post: http://itknowledgeexchange.techtarget.com/security-corner/md5-hashing-algorithm-no-longer-safe/

Chad Johnson
January 8, 2009 - 5:04 pm

Ken, for the security ignorant among us (including myself), can you elaborate a bit on what root CA valid signatures even are and what they do? Is this like an SSL certificate?

Thank you thank you!!

Ken Harthun
January 9, 2009 - 4:13 pm

Ziggie wrote: "Ken, for the security ignorant among us (including myself), can you elaborate a bit on what root CA valid signatures even are and what they do? Is this like an SSL certificate?"

Hi Ziggie,

Yes, MD5 is a hash algorithm that has been used to verify the identity of the issuers of SSL certificates. Hash algorithms are used to reduce large data files to a simple, unique number that can then be used to identify the data in the same way that fingerprints identify humans. Valid root CA signatures on a certificate mean that the CA has verified--through documentation, research, etc.--the identity of the issuer. You could get a certificate of your own if you wanted to provide a secure website that people would access using https://. The CA would ask you for certain identity information and when they were certain it was valid, would issue a signed SSL certificate to you.

Hope this clears it up a bit for you. I may do a newsletter article on the subject soon.
