Wednesday, 31 December 2008

Boffins bust web authentication with game consoles

Source: The Register

Researchers using a modest cluster of PS3 game consoles running Linux have demonstrated the ability to generate domain names which hash to arbitrary MD5 digests. This allows them to get the MD5 hash signed by a legitimate digital certificate supplier, then use it as though it were a credential for the domain name with which it shares an MD5 digest.

No comments: