MD5 hashing is no more secure !

An international group of security researchers and academic cryptographers said MD5 hashing is no more secure & advised browsers, certificate authorities to drop support for digital signatures based on MD5 hashing. They said, after they claimed to have produced fake digital certificate but a valid one from MD5. The researchers presented about this in 25th Chaos Communications Conference in Berlin, Germany. During the presentation, they claimed to create a fake certificate authority which can distribute fake digital certificate, which most of the browsers in the market can accept & trust.

This vulnerability can lead an opportunity for criminals to use fake certificates for the man-in-the-middle attack which could collect sensitive information normally protected by SSL encryption, the researchers said.
The major browser Microsoft & Mozilla has been informed about this vulnerability & they said the necessary action has been taken to protect their users.

It’s imperative that browsers and CAs stop using MD5, and migrate to more robust alternatives such as SHA-2 and the upcoming SHA-3 standard. ”  Arjen Lenstra, the head of the Laboratory for Cryptologic Algorithms at the Swiss Federal Institute of Technology said in the statement.

Microsoft has already started to respond to this matter said one of the microsoft official. “Microsoft is not aware of any  attacks due to this vulnerability, but any way the action has been taken and we made all the certificate authorities aware of this issue”, said the microsoft. Microsoft has even advised certificate authorities to migrate from MD5 hashing to strong SHA-1 signing algorithms.