Technology news and Jobs 
Information Technology News The Latest MD5 Attack - The Sky Continues to Fall
Information Technology News The Latest MD5 Attack - The Sky Continues to Fall | The Latest MD5 Attack - The Sky Continues to Fall |
|
| by David Heath | |
| Wednesday, 31 December 2008 | |
|
Page 3 of 3 Anyone with a voice on this topic has been saying for some time that MD5 is broken and that CAs should move to SHA-1. As I said on the previous page, all but 6 of the root CAs have taken this advice; those six are aware of the issue.
Featured Whitepaper
5 Best Practices for Smartphone Support
Obviously, SHA-1 isn’t as broken as MD5, but experts in the field have recommended for some time that it should not be used beyond 2010. To this end NIST has sponsored a competition to select a new algorithm which will become SHA-3. The competition closed on October 31 2008 and a total of 64 entries were received of which 51 were assessed as meeting the initial criteria. A final decision is expected in 2012. Right now, there is nothing agreed to move forward in the short term. Although Bruce Schneier, quoted elsewhere noted that this entire point is rather moot as users (and browsers) rarely check the validity of certificates in any situation. |
Tags
| < Next story in category | Previous story in the category > |
|---|
