Mailinglist Archive: opensuse (2572 mails)

< Previous Next >
Re: [opensuse] 25C3: Hackers completely break SSL using 200 PS3s
  • From: G T Smith <grahamsmith@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 02 Jan 2009 10:15:56 +0000
  • Message-id: <495DE95C.3030002@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin Mielke wrote:
Hi all,

I'm sending this to both the users list and the off-topic one as it has a
rather big impact:

http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/


Happy New Year everyone!

Martin





Hmmm... reading the article a little closer. This was only possible from
one certificate supplier with two key bits of knowledge about that
suppliers certificates, a fixed certificate signing response time, a
sequential serial number and took two days to perform with $20K worth of
computing power... Not quite in the same league as the WEP hack ....

Truth of the matter is no security mechanism will ever be 100% and if
someone is determined enough it can be broken. The real issue is make
economically non viable to do it (and possibly put in tripwires so you
know someone is trying to do it)....

In this case I would focus on the question of the use of sequential
serial numbers and a static response time... a little randomness in
these could make the problem more difficult (but not impossible)...

News folks, the sky has not fallen yet....

- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iEYEARECAAYFAkld6VsACgkQasN0sSnLmgLgUgCfSVzOs7Dycl8Wdt1jOVZKkh0Y
ELAAoMNDc/oMks/ivFI0aMNCmIqwj+EW
=5M0y
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups