Dec 30 2008

An Explanation of the CA Cert Vulnerability even I can understand

Published by at 11:07 am under Encryption,Hacking

If you believe some of the hype that’s been on the wire the last couple of days, the end of the Internet is nigh. A number of researchers have discovered a vulnerability in the way that MD5 checksums are created for CA certificates, and this could allow malicious attackers to create false certs that your browser and mine would accept as authentic. There are a number of caveats, like the fact that they had a bank of 200 PS3s to play with to create the false checksums, but that wouldn’t be too big a hurdle for an organized group to overcome.

I won’t even pretend I understand all of the points in this article.  So it’s lucky that I have friends who not only understand this stuff but enjoy dumbing it down so that even people like me can understand it.  Not that JJ would put it that way, but I’m not going to try to cover up my limitations.  So if you’re like me and don’t have the time to read the entire original article, read “A Layman’s Explanation of the CA Certificate Vulnerability”.  You’ll get the gist of what’s going on without getting too lost in the terminology.  And you can pass it on to your manager with a pretty good chance he’ll understand it too.


One Response to “An Explanation of the CA Cert Vulnerability even I can understand”

  1. Adam on 29 Nov 2010 at 2:25 am

    MD5 is cryptographically weak and succumbs to large database hashes. I have been trying to put pressure on business to stop using it; I have even put my cracking database online at to show people that MD5 hashes just aren’t good enough anymore. This is a great article – bookmarked.

