Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Continued support for MD5 endangers widely used cryptographic protocols

Lucian Constantin | Jan. 8, 2016
Researchers showed authentication and impersonation attacks against protocols that still support MD5 in some of their components.

The researchers have warned that SHA-1, which is also known to be theoretically vulnerable to collisions, could lead to similar problems in the future if it's not removed from TLS 1.2 implementations in a timely manner.

"If practical collision attacks on SHA1 appear, then many constructions in TLS, IKE, and SSH will be breakable," they said. "So, if you can afford to do so, get rid of MD5 and SHA1 in all your protocol configurations."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.