[ALUG] Security nightmares in TZ: Part one SQL injection
Andreas Tauscher
ta at geuka.net
Tue Feb 4 21:09:22 EAT 2014
> BTW: For storing passwords you should not use MD5. MD5 was suspected to
> broken since 1996 and in 2004 it was proved MD5 is not collision free.
> And in 2012 the FLAME maleware could infect computers because M$ was
> still using the since 2008 banned as cryptographically broken and
> unsuitable for further use MD5 for singing uptades.
In 2008 during the 25C3 a proof of concept was presented to create for
any URL a valid MD5 based SSL certificate.
The hackers used an inexpensive cluster of 200 Playstation 3 (equivalent
computing power to 8000 desktop PCs in 2008 but much cheaper) needing
only one to two days to create a fake certificate.
http://events.ccc.de/congress/2008/Fahrplan/attachments/1251_md5-collisions-1.0.pdf
More information about the Linux
mailing list