Blocking access to MD5 signed certs

Published: 2009-01-02
Last Updated: 2009-01-02 22:07:13 UTC
by Mark Hofman (Version: 1)
1 comment(s)

A few people have written in regarding the Firefox plugin SSL Blocklist

The tool has been around for a while, but they have added the ability to detect MD5 signed certificates and block access.  It might be a nice addition to the arsenal.  Whilst the address bars in FF and IE do seem to turn green when the site has a SHA signed cert (at least it did for the sites I tested), this might be a bit more obvious. You only get the padlock when the site is MD5 signed.

Mark H

Keywords: MD5 Certificate
1 comment(s)

Comments

The green doesn't necessarily mean it uses sha1 for hashing the signature, it just means it is an "extended valiadation" cert, though for the money it probably is sha1.
http://en.wikipedia.org/wiki/Extended_Validation_Certificate

Diary Archives