Carolina Advanced Digital Quotables
MD5 insecurity affects all internet users
SC Magazine
Angela Moscaritolo
December 31, 2008
Usually the bad actions of a company only affect its own customers. However, Certification Authorities (CA) that have not yet migrated away from MD5 to a more secure cryptographic hash function are causing problems that affect everyone, said Paul Kocher, president and chief scientist of Cryptography Research.
Security professionals have sounded off after a team of researchers on Tuesday revealed a weakness in the MD5 cryptographic hash function which could allow an attacker to create a rogue Certification Authority (CA) certificate and potentially impersonate any website, including those secured by the HTTPS protocol.
Read the story
http://www.scmagazineus.com/MD5-insecurity-affects-all-internet-users/article/123448