On 30.12.2008 17:39, Nelson B Bolyard wrote:
The upshot of this is probably going to be that, in a short time, all the world's browsers (and PKI software in general) stop supporting MD5 for use in digital signatures.
What is MD2? Is that a weaker predecessor of MD5? According to Wikipedia (en/de), MD2 was created 1988 for 8bit processors, and MD5 was created 1991 by the same guy, as replacement for MD4, which was back then considered not secure. In 2004, MD2 was demonstrated to be vulnerable.
Yet, when I went through the cert store, I see not only MD5 certs, but MD2 certs as well. Partially from VeriSign. How comes? Why were they not removed? Surely there was plenty of time to renew any cert issued under them in the meantime.
Ben _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
