[Ach] (no subject)
Rainer Hoerbe
rainer at hoerbe.at
Sat Jan 11 21:36:10 CET 2014
Finden SHA1-collisions requires 2**63 tries (may be a bit less). Faking a certificate this way is quite expensive, there are cheaper ways.
No you do not be worried, because the security value of those commercial certificates ist near zero anyway. GoDaddy have been insuniated that they have been hacked in the past. The question is why to pay for a certificate of low value, when you can get the same product elsewhere for free, e.g. Startssl.
- Rainer
Am 11.01.2014 um 15:02 schrieb Ahmad Bilal <ahmadbilal200854 at gmail.com>:
> I have a question. I recently bought a certificate from godaddy, and during the installation I chose SHA-2, but the Certificate Signing Request in raw form has SHA-1 written on it, and not SHA-2. Should I be worried?
>
>
>
> --
> Ahmad Bilal
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140111/d56699d5/attachment.html>
More information about the Ach
mailing list