|
Indeed for what concerns the rougue-CAs the best way is always to break what's existing and catch low hanging fruits. I mean, there are so many house-made CAs in enterprises (e.g., handling enterprise stores, VPNs, and so on) that are vulnerable, not enough protected or even not updated that it is enough for years ahead. Not speaking of certificates that can be stolen from the enterprise BYOD terminals..
These studies are extremely interesting, but are accademic exercises, meant to force CA producers/sw vendor to change default hash algos or crypto suites. The problems above instead, will stay, whatever hash algo you use :-)
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
|