Tip:
Highlight text to annotate it
X
A lot of security is staying one step ahead of the bad guys. Take MD5, a cryptographic
hash function used to validate digital signatures and SSL certificates. It’s widely used,
but it has a weakness.
A hacker, given enough compute power, can crack the hash, allowing the bad guys to create
bogus certificates that spoof legitimate sites.
Now, early on we saw vulnerabilities with the MD5 algorithm and switched to SHA1, considered
to be much more secure.
A year later when researchers publically cracked the MD5 with a PlayStation 3s, we knew we’d
made the right decision.
But even with SHA1 we need to stay one step ahead.
With advances in computing power it is only a matter of time before 1024 bit SSL keys
become vulnerable.
So, we switched our default to 2048 bit keys to preserve the level of security our customers
need.
In the end it all comes down to paying close attention, and staying ahead of the bad guys.
F5. Security is our job.