An interesting opinion piece:
Time to Take the Theoretical Seriously
Chris Wysopal, 2009-01-16
"By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. (...)
The MD5 algorithm has been known to be weak for many years. (...)
Three years later, a Dutch researcher built on this work and detailed significantly more efficient MD5 collisions using a chosen-prefix attack. Still, certificate authorities went on using MD5.
When did they stop? They stopped right after the Rogue CA presentation. Theory, it seems, is good enough to get attackers to build attack tools, but not good enough to get software vendors and service providers to make their software more secure."