Researchers set out to compromise MD5 in an effort to convince people to stop using it. We explain how the attack worked and what this means for you.
Message Digest algorithm 5 (MD5 for short) is a one-way cryptographic hashing function. Put in its simplest terms, it takes input, mangles it, and generates a 128- bit value (usually expressed as a 32-character hexadecimal number). The same input (e.g., password) will alwayshave the same output. So why use MD5? When cryptographically signing data (such as email or SSL certificates), it is much more efficient to sign a cryptographic signature of the data rather than the entire block of data itself.
An interesting article on encryption algorithms, but more detail is needed about some of the comments about CAs in web-browsers. As Kurt states, some (but not all) of the Thawte & Verisign CAs use MD5 (& in some cases MD2) as their signature algorithm. However as far as I can tell this is not the case for any of the certificates from Comodo - they all seem to use SHA1. Perhaps I have a fully updated system for these certificates (I hope so) which has addressed the concerns, or are Kurt's comments about a different company?
Comments
ND5 signing certificates
David Williams Feb 05, 2009 12:23pm GMT
An interesting article on encryption algorithms, but more detail is needed about some of the comments about CAs in web-browsers. As Kurt states, some (but not all) of the Thawte & Verisign CAs use MD5 (& in some cases MD2) as their signature algorithm. However as far as I can tell this is not the case for any of the certificates from Comodo - they all seem to use SHA1. Perhaps I have a fully updated system for these certificates (I hope so) which has addressed the concerns, or are Kurt's comments about a different company?