31 December 2008 @ 17:36SSL cracked via MD5 weakness
A group of security researchers have successfully cracked SSL by using 200 PlayStation 3 consoles and about $700 worth of test certificates to create a rogue Certification Authority (CA).
This is significant because at leat six CA’s are still using the MD5 encryption with the exploitable weakness. The solution to this problem is for the CAs stop using MD5 and move to the more secure SHA-1 algorithm.
The researchers don’t expect this to be an easily repeatable process — one that might take others six months to run it successfully.