At a conference at the end of December, security researchers from the United States and Europe demonstrated how someone could hack into a version of SSL, or Secure Sockets Layer, which is a technology that allows the transmission of private data via the Internet.

With the MD5 version of SSL, the researchers used PlayStation 3 game consoles to appear as a trusted Certificate Authority, or CA.  The CA is a licensed company that issues a digital certificate. This certificate enables the encryption of sensitive information and verifies the identity of the certificate owner when it is issued.

After disguising themselves as CA’s, the researchers demonstrated how these fake certificates could give the illusion of legitimacy to a phishing web site designed to steal bank account passwords.

For example, when Media Genesis is hosting a site for an e-commerce client who accepts credit card information we need to work with a CA to ensure that all sensitive information is securely protected.

Since the MD5 version of SSL has proven vulnerable to hackers, many CA’s are now only using SHA-1. Both MD5 and SHA-1 are hashing functions used in cryptographic algorithms. The main difference is that the encryption key-size in MD5 is 128-bits. In SHA-1 it’s 160-bits, which is why SHA-1 is harder to break and a more secure certificate. Media Genesis has done extensive research on different CAs and MD5 versus SHA-1. Media Genesis only uses CA’s that have moved to SHA-1 certificates.

The following CA’s that Media Genesis uses are:

• Verisign
• Netsol
• Thawte
• Comodo
• GoDaddy

For more information email us at inquiry@mediaG.com.