SSL falls foul of the PS3, well, 200 of them.

January 1, 2009 – 9:06 pm

The MD5 checksum algorithm should create a unique signature for every file…but it has a flaw. This flaw was theorized in 2004 by a team of Chinese developers who proved that you can create two different files that have the same MD5 hash (a collision). In 2007, another team showed how this can be put into practice.

This week a group of scientists used a cluster of 200 PS3s and actually did this…they created a rogue SSL certificate authority which was used to create perfectly valid SSL certificates. Using these, a web visitor would have absolutely no idea that they were visiting a compromised web server.

While this exploit was designed and deployed by researchers and not hackers…it shows the power that is available. In this case the researchers used PS3s; I have no idea why, perhaps they had a few available.

Cloud computing gives the developer access to scalability and resources that they quite possibly would not be able to afford in other circumstances. The fear is that this enormous power could be used to create a supercomputer that could do more harm than good…the sort of thing a villain in a James Bond movie would crave.

You can find more information here:
http://phreedom.org/research/rogue-ca

  • 200 PS3s would cost 200x250, say, that's 50,000. That's really cheap for a super computer, that needs nothing but a bit of space. These nextgen consoles are actually perfect ways to build cluster computers.