Carolina Advanced Digital Quotables
MD5 insecurity affects all internet users
December 31, 2008
Usually the bad actions of a company only affect its own customers. However, Certification Authorities (CA) that have not yet migrated away from MD5 to a more secure cryptographic hash function are causing problems that affect everyone, said Paul Kocher, president and chief scientist of Cryptography Research.
Security professionals have sounded off after a team of researchers on Tuesday revealed a weakness in the MD5 cryptographic hash function which could allow an attacker to create a rogue Certification Authority (CA) certificate and potentially impersonate any website, including those secured by the HTTPS protocol.