MD5 CA hack and the PS3

If you haven't heard, a security research group has created a hack using a weakness in the MD5 hash algorithm to create "valid" certificates that will be trusted by your browser (here is a site with some good demos of the process).  Basically, they are generating a certificate through a bogus Certificate Authority (CA) that is identical to one generated by a valid CA, and your browser has no way of knowing the difference.  The good news is that most CA's now use SHA-1 as their hash algorithm, but there are still a few CA's that use MD5.

But what I thought was a funny tidbit about the hack is that the researchers constructed the attack "using an advanced implementation of a known MD5 collision construction and a cluster of more than 200 PlayStation 3 game consoles" (emphasis added).  Yep, that's right - PS3's.  I picked up on this because over a year ago I wrote a short post here at Computerworld about a story that talked about the New Zealand-based security researcher Nick Breese using the PS3 "to crack passwords at speeds 100 times greater than Intel hardware is capable of."

I said this in that post:

[N]o one is really saying that this is a real and current threat to Windows passwords and SSL.

And because the Playstation is cheaper than your typical PC, it could become something to think about in the future.

Though I am not saying that hackers are going to start buying PS3's in bulk and use them for cracking SSL, I can say that it now looks like this is a more viable option.  And I am sure Sony won't object.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.