Dec 30 2008
If you believe some of the hype that’s been on the wire the last couple of days, the end of the Internet is nigh. A number of researchers have discovered a vulnerability in the way that MD5 checksums are created for CA certificates and this could allow malicious attackers to create false certs that your browser and mine would accept as authentic. There are a number of caveats, like the fact they had a bank of 200 PS3’s to play with to create the false checksums, but that wouldn’t be too big of hurdle for a organized group to overcome.
I won’t even pretend I understand all of the points in this article. So it’s lucky that I have friends who not only understand this stuff but enjoy dumbing it down so that even people like me can understand it. Not that JJ would put it that way, but I’m not going to try to cover up my limitations. So if you’re like me and don’t have the time to read the entire original article, read “A Layman’s Explanation of the CA Certificate Vulnerability”. You’ll get the gist of what’s going on without getting too lost in the terminology. And you can pass it on to your manager with a pretty good chance he’ll understand it too.