MD5 Collision Creates 'Rogue' Certificate Authority – Caution!

admin

At the 25th Chaos Communication Congress (CCC) today, researchers will reveal how they used a collision attack against the MD5 algorithm to create a rogue certificate authority. This is pretty big news, so read on.

When you make a secured connection to a website via HTTPS, a public key certificate is sent from the server to your computer. This certificate contains a digital signature which your computer uses to verify the identity of the site to which you’re connecting. Certificates are “signed” by a Certificate Authority (CA), which acts as a kind of middle-man: you trust the CA, so you can trust the certificates signed by the CA. Anyone can create a certificate authority, though, so most browsers ship with a list of known reputable and trustworthy CAs. When your computer gets a certificate from a server, your browser checks the CA that issued it to determine whether the CA is trustworthy. If the CA is trustworthy, your browser assumes that the certificate being presented is trustworthy.
