www.sixxs.net SSL certificate
Hi,
It seems like the www.sixxs.net cert is signed with MD5, which has been demonstrated to be insecure (cf. http://www.win.tue.nl/hashclash/rogue-ca/).
I know it's a CACert certificate, and I am quite sure it's possible to regenerate it to be signed with sha.
Thanks for the good service, and have a nice day.
- Raffaello
www.sixxs.net SSL certificate
I am quite aware of that paper (quite some time before they released it to the public even, check the locations where they actually did the calculations and you would understand why ;)
As for the Cert, 00:9C:21 (2010-01-26 = 2012-01-26) is SHA-1 signed and has both an MD5+SHA1 fingerprint, the Certificate Signature Algorithm: "PKCS #1 SHA-1 With RSA Encryption" thus nothing strange there.
Note that the CACert Class 3 certificate indeed uses MD5, but CACert don't have a solution for that yet.
Nevertheless, I wonder why you throw this on the forum btw, instead of mailing info@sixxs.net if you think it is a security issue in the first place.
www.sixxs.net SSL certificate
Ok, I didn't check and just assumed it was the sixxs cert which was md5 signed.
As this post should not be on this forum, please delete it.
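
The check this thread turns on, as an added example (not part of any post, and not SixXS or CAcert code): read the signature algorithm of each certificate in a chain separately, so that a SHA-1 signed leaf is not confused with an MD5-signed intermediate. The sample certificates are skeletal DER structures constructed inline, and all function names are hypothetical.

```python
# Added example: minimal DER reader for the outer signatureAlgorithm of X.509 certs.
SIG_ALGS = {  # DER-encoded OID body -> name (PKCS #1 RSA signature algorithms)
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def signature_algorithm(der):
    """Outer signatureAlgorithm of a Certificate: what the issuer signed it with."""
    tag, start, _ = read_tlv(der, 0)             # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)         # skip over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = bytes(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, "unknown OID " + oid.hex())

def md5_signed(chain):
    """Labels of the certificates in chain whose signature uses MD5."""
    return [label for label, der in chain
            if signature_algorithm(der).startswith("md5")]

def _tlv(tag, body):  # encoder for the constructed samples only (bodies < 128 bytes)
    return bytes([tag, len(body)]) + body

def _sample_cert(oid_hex):  # skeletal certificate: serial, algorithm, dummy signature
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + _tlv(0x05, b""))
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + alg)
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + b"\xaa" * 8))

# Constructed chain mirroring the thread: SHA-1 leaf under an MD5-signed intermediate.
CHAIN = [("leaf", _sample_cert("2a864886f70d010105")),
         ("intermediate", _sample_cert("2a864886f70d010104"))]

if __name__ == "__main__":
    for label, der in CHAIN:
        print(label, signature_algorithm(der))
    print("MD5-signed:", md5_signed(CHAIN))
```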