1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Continued support for MD5 endangers widely used cryptographic protocols

Discussion in 'Network World' started by RSS, Jan 7, 2016.

  1. RSS

    RSS New Member Member

    The old and insecure MD5 hashing function hasn't been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including TLS, therefore weakening their security.

    Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.

    They showed that man-in-the-middle attackers can impersonate clients to servers that use TLS client authentication and still support MD5 hashing for handshake transcripts. Intercepting and forwarding credentials through protocols that use a TLS channel binding mechanism is also possible.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page