
Comments


Fox-IT Completes the Picture On the Factored RSA-512 Keys

gatekeep Re:Short answer (38 comments)

Fox-IT is based in the Netherlands. This makes it likely that the author's native language is not English.

Would you be able to form a coherent thought in Dutch that a native speaker wouldn't find awkward?

about 3 years ago

Glenn Beck Loses Dispute Over Parody Domain

gatekeep Re:I wonder... (1172 comments)

Nope, it's available :)

$ whois didglennbeckrapeandmurderayounggirlin1991.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net/ for detailed information.
No match for domain "DIDGLENNBECKRAPEANDMURDERAYOUNGGIRLIN1991.COM".
>>> Last update of whois database: Tue, 10 Nov 2009 16:15:08 UTC

about 5 years ago

CCC Create a Rogue CA Certificate

gatekeep Re:A nice piece of work (300 comments)

"The weakest trusted CA in the world compromises the entire public key infrastructure."

That's a slight overstatement. It compromises the entire public key infrastructure for which that CA is the root of trust.

If you remove all MD5-enabled CAs from your trusted roots list, you remove the potential of being fooled by a forged cert. Certs issued by other CAs, unaffected by the brute-force MD5 collisions, remain as trustworthy as they ever were.

Granted, for most people the chain of trust ties back to the default CAs that ship with their browser, and if any of those CAs is vulnerable, your faith in any cert validated as 'trusted' by your browser goes down, and most people don't bother looking at what CA issued the cert so long as their browser deems it trustworthy, but it's a little more nuanced than 'compromises the entire PKI infrastructure.'

I suspect browser patches will be out soon, removing trust for affected CAs entirely, not trusting them past a certain date, or at least giving warnings when MD5 signature verification is found along the chain of trust.

more than 5 years ago

Submissions

gatekeep hasn't submitted any stories.

Journals

gatekeep has no journal entries.
