Tuesday, December 30, 2008

Researchers Use PlayStation Cluster to Forge a Web Skeleton Key

Kevin Poulsen writes on Threat Level:

A powerful digital certificate that can be used to forge the identity of any website on the internet is in the hands of in international band of security researchers, thanks to a sophisticated attack on the ailing MD5 hash algorithm, a slip-up by Verisign, and about 200 PlayStation 3s.

"We can impersonate Amazon.com and you won't notice," says David Molnar, a computer science PhD candidate at UC Berkeley. "The padlock will be there and everything will look like it's a perfectly ordinary certificate."

The security researchers from the U.S., Switzerland and the Netherlands planned to detail their technique Tuesday, at the 25th Chaos Communication Congress in Berlin.

More here.


At Tue Dec 30, 04:25:00 PM PST, Anonymous Anonymous said...

Those kids ... any excuse will do to justify buying 200 PS3's. :)

MD5, R. I. P.


Post a Comment

<< Home