lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 30 Dec 2008 16:13:07 -0500
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, nelson@...geia.com.br
Subject: Re: Creating a rogue CA certificate

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And they should have listened then, it was only a matter of time
before someone fleshed out a practical attack, and that time is
now. Then again, I am sure there some ATM's out there still using
DES. How many time's do we need to prove Moore's law...

On Tue, 30 Dec 2008 15:26:46 -0500 Nelson Murilo
<nelson@...geia.com.br> wrote:
>Implementation could be new, but this vulnerabillity is knew since
>2004,
>the year that md5 was broken.
>
>http://www.cryptography.com/cnews/hash.html
>
>./nelson -murilo
>
>
>On Tue, Dec 30, 2008 at 08:10:16PM +0000, n3td3v wrote:
>> Aiding script kids to get credit card numbers out of folks e-
>commerce
>> purchases. I'm sure the U.S secret service have a special
>interest in
>> this vulnerability, as so much of their time nowadays is taken
>up
>> following up on internet carders and shutting them down.
>>
>> On Tue, Dec 30, 2008 at 5:03 PM, Elazar Broad
><elazar@...hmail.com> wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > SSL/PKI is only as strong as the weakest CA...
>> >
>> > For those of you who haven't been following this, here you go:
>> >
>> > http://www.win.tue.nl/hashclash/rogue-ca/
>> > http://www.phreedom.org/research/rogue-ca/md5-collisions-
>1.0.ppt
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAklajuMACgkQi04xwClgpZjS4QP7Beyc04b+CoGgpDWS7ojdnPMdI8Ty
XhEWqZxa5mVyy+uAFIXxc5I/J1BtsZKJPhV+mlIW9zWgUJASvn0LrLKGzzt+Bhlb3rYW
pGiL8UlmBOCf99qYBRF69vevSdA3gdu/JebXIWu33nPB7qZho6SSHYCwF7u5TJILgtI3
aiL33GQ=
=C7PQ
-----END PGP SIGNATURE-----

--
Click to become a master chef, own a restaurant and make millions.
 http://tagline.hushmail.com/fc/PnY6qxtWo9fln3EqgOtev3Xt2UqYrdnKRqkHGIlsPHfICpCCcCO6k/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ