Carolina Advanced Digital Quotables

    MD5 insecurity affects all internet users
    SC Magazine

    Angela Moscaritolo
    December 31, 2008

    Usually the bad actions of a company only affect its own customers. However, Certification Authorities (CA) that have not yet migrated away from MD5 to a more secure cryptographic hash function are causing problems that affect everyone, said Paul Kocher, president and chief scientist of Cryptography Research.

    Security professionals have sounded off after a team of researchers on Tuesday revealed a weakness in the MD5 cryptographic hash function which could allow an attacker to create a rogue Certification Authority (CA) certificate and potentially impersonate any website, including those secured by the HTTPS protocol.

    Read the story
    http://www.scmagazineus.com/MD5-insecurity-affects-all-internet-users/article/123448