Security Corner Update

Ken Harthun
January 7, 2009 - 5:22 pm

Latest Posting to Security Corner: MD5 Hashing Algorithm No Longer Safe
Posted by: Ken Harthun

Just last week, two German security researchers, Alex Sotirov and Jacob Appelbaum, made a surprising announcement at the Chaos Communication Conference in Berlin: they had created a fraudulent Certificate Authority (CA) that had a valid signature from a root CA, Equifax, one of the oldest. The ramifications of this are far-reaching. Imagine what will happen if cyber criminals generate fraudulent certificates. Read the entire post: http://itknowledgeexchange.techtarget.com/security-corner/md5-hashing-algorithm-no-longer-safe/

Chad Johnson
January 8, 2009 - 5:04 pm

Ken, for the security ignorant among us (including myself), can you elaborate a bit on what root CA valid signatures even are and what they do? Is this like an SSL certificate?

Thank you thank you!!

Ken Harthun
January 9, 2009 - 4:13 pm

> Ken, for the security ignorant among us (including myself), can you elaborate a bit on what root CA valid signatures even are and what they do? Is this like an SSL certificate?

Hi Ziggie,

Yes, MD5 is a hash algorithm that has been used to verify the identity of the issuers of SSL certificates. Hash algorithms are used to reduce large data files to a simple, unique number that can then be used to identify the data in the same way that fingerprints identify humans. A valid root CA signature on a certificate means that the CA has verified--through documentation, research, etc.--the identity of the issuer. You could get a certificate of your own if you wanted to provide a secure website that people would access using https://. The CA would ask you for certain identity information and, when they were certain it was valid, would issue a signed SSL certificate to you.

Hope this clears it up a bit for you. I may do a newsletter article on the subject soon.
