Ferret out weak PKI certificates

Firefox add-on checks for MD5 hashes

Worried that the security certificates you receive have been signed using the MD5 algorithm and are, hence, susceptible to forgery? Take a look at a Mozilla Firefox browser add-on called SSL Blacklist. The latest version detects and warns about certificate chains the browser comes across that use the MD5 algorithm. "It might be a nice addition to the arsenal," noted SANS instructor Mark Hoffman.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Thu, Jan 8, 2009 Paul Hoffman

This article and the previous one have significant errors. Certificates signed with MD5 have no chance of being forged. The CAs who issue them may be fooled into issuing new certs that can be used to issue bad certificates, but that is completely different than saying that a current cert could be forged. GCN is about the only major news source that got this wrong last week; it is sad to see it repeated now.
