Tweet
Era ora che la console sony mostrasse davvero i muscoli. Leggete qui (non è tradotto e non ho nemmeno voglia 
)
Researchers from the United States, the Netherlands and Switzerland have used some 200 clustered PlayStation 3s to hack VeriSign's RapidSSL.com certificate authority site. The teams took three days to achieve the hack, which concentrates on the standard MD5 hashing algorithm used to create secure certificates for websites.
Basically, the hack was achieved by using a collision of different messages using the same digitally signed certificate. According to the Toptechnews site, "the amount of computing power... needed to generate a fake certificate was considered a huge obstacle to anyone attempting to take advantage. By one estimation at the time, a desktop computer would need more than 30 years to generate such a fake certificate.
"But the paper presented in Berlin demonstrated that the researchers, using PS3s in a cluster, were able to generate two fake certificates with the same digital signature in only three days".
The flaw had already been discovered by Chinese researchers some five years ago, but it's only now that it has been demonstrated using the clustered power of the PS3s.
The New York Times reports that, "The researchers said that by creating a fake certificate, they had demonstrated that a critical part of the Internet security infrastructure is not safe. To ensure that it was not used for criminal purposes, Arjen Lenstra, the head of E.P.F.L.’s Laboratory for Cryptologic Algorithms, said they had created the certificate to be valid for only one month, August 2004, as a proof of concept."
Microsoft has already responded to the announced MD5 hack, stating, "This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information".
This downplaying of the hack was joined by Bruce Schneier, chief security technology officer for British Telecom, who told The NYT that "in the scheme of things, how many people do we know who rely on these certificates for anything? When was the last time you checked your browser certificates to make sure they’re good?"
So, we are now keeping our eyes out for bulk purchases of PS3s, or at least stolen truckloads of the console such as the 1,400 that were 'lifted' from a depot last year.
)Researchers from the United States, the Netherlands and Switzerland have used some 200 clustered PlayStation 3s to hack VeriSign's RapidSSL.com certificate authority site. The teams took three days to achieve the hack, which concentrates on the standard MD5 hashing algorithm used to create secure certificates for websites.
Basically, the hack was achieved by using a collision of different messages using the same digitally signed certificate. According to the Toptechnews site, "the amount of computing power... needed to generate a fake certificate was considered a huge obstacle to anyone attempting to take advantage. By one estimation at the time, a desktop computer would need more than 30 years to generate such a fake certificate.
"But the paper presented in Berlin demonstrated that the researchers, using PS3s in a cluster, were able to generate two fake certificates with the same digital signature in only three days".
The flaw had already been discovered by Chinese researchers some five years ago, but it's only now that it has been demonstrated using the clustered power of the PS3s.
The New York Times reports that, "The researchers said that by creating a fake certificate, they had demonstrated that a critical part of the Internet security infrastructure is not safe. To ensure that it was not used for criminal purposes, Arjen Lenstra, the head of E.P.F.L.’s Laboratory for Cryptologic Algorithms, said they had created the certificate to be valid for only one month, August 2004, as a proof of concept."
Microsoft has already responded to the announced MD5 hack, stating, "This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information".
This downplaying of the hack was joined by Bruce Schneier, chief security technology officer for British Telecom, who told The NYT that "in the scheme of things, how many people do we know who rely on these certificates for anything? When was the last time you checked your browser certificates to make sure they’re good?"
So, we are now keeping our eyes out for bulk purchases of PS3s, or at least stolen truckloads of the console such as the 1,400 that were 'lifted' from a depot last year.
Comment