MD5 Encryption Considered Harmful

A group of 7 researchers have been able to successfully hack an MD5 encrypted security certificate. While this is a critical security risk, most security certificates do not use MD5 encryption in their generating processes. The more common security certificate and digital signature encryption type is SHA-1. The full explanation of their findings can be read at http://www.win.tue.nl/hashclash/rogue-ca/.

Published Tuesday, December 30, 2008 4:02 PM by Jason N. Gaylord

Comments

# re: MD5 Encryption Considered Harmful

Tuesday, December 30, 2008 4:11 PM by Jason N. Gaylord

DIGG this here: digg.com/.../MD5_Encryption_Considered_Harmful

# re: MD5 Encryption Considered Harmful

Thursday, January 01, 2009 11:25 PM by Jay R. Wren

MD5 isn't "encryption". It is a crypto hashing function, also known as message digest.

If you read the paper, the attack is more on PKI than it is on MD5.  

MD5 cannot be considered harmful. It is still applicable for a vast number of applications. Given the cited publication it is not suitable for use with certificate signing.

# re: MD5 Encryption Considered Harmful

Monday, January 05, 2009 10:02 AM by Jason N. Gaylord

Exactly. The title is the same as several other headings. Although MD5 is rarely used for certificate signing, that doesn't mean that your other MD5 applications could not be hacked.
