MD5 break open

router · 04-05-2005, 03:22 PM

According to spacedaily.com Md5 cipher is break open.
http://www.spacedaily.com/news/cyberwar-05i.html

Maybe its a time to implement something more complex?
Like this:

234 AUTH TLS successful
Connected. Negotiating TLSv1 session..
TLSv1 negotiation successful...
TLSv1 encrypted session using cipher DHE-DSS-AES256-SHA (256 bits)

This is welcome message from linux glftpd.

bounty · 04-05-2005, 03:38 PM

this is with ioftpd:

234 AUTH TLS successful.
Connected. Negotiating SSL/TLS session..
SSL/TLS negotiation successful...
TLSv1/SSLv3 encrypted session using cipher DES-CBC3-SHA (168 bits)

isn't that enough ?

bounty

neoxed · 04-05-2005, 04:14 PM

router: The hash collisions found in MD5 and SHA-1 (and others) only affect hashes, not HMAC based handshakes (supported by SSL v3 and TLS v1).

However, the SHA-1 password hashes stored in ioFTPD's user-files would be affected. But this is a very low-risk threat; since the attacker would need physical access to ioFTPD's user-files to leverage hash collision during brute forcing.

router · 04-11-2005, 12:57 PM

bounty:
How you have created your cer?

Update: sorry for double topic.
I already find the answer.