31 décembre 2008

MD5 considered harmful today : la PKI cassée?

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. Our attack takes advantage of a weakness in the MD5 cryptographic hash function... [Lire la suite]
Posté par jcdemarque à 13:35 - - Permalien [#]
Tags : , , ,