PC World

Continued support for MD5 endangers widely used cryptographic protocols

The old and insecure MD5 hashing function hasn’t been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including ...
Bleeping Computer

This image shows its own MD5 checksum — and it's kind of a big deal

Generating checksums—cryptographic hashes such as MD5 or SHA-256 functions for files is hardly anything new and one of the most efficient means to ascertain the integrity of a file, or to check if two ...
Infosecurity-magazine.com

Proof of Concept Attack Further Discredits MD5

Researchers from the École Polytechnique Fédérale de Lausanne in Switzerland, the Eindhoven University of Technology and the University of Berkeley among others used the machines to create a rogue ...
CSOonline

MD5 attack puts RADIUS networks everywhere at risk

A design flaw in the decades-old RADIUS authentication protocol allows attackers to take over network devices from a man-in-the-middle position by exploiting MD5 hash collisions. The “secure enough” ...
InfoWorld

Oracle to Java devs: Stop signing JAR files with MD5

Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of the Java Runtime Environment (JRE) will block those JAR ...
Dark Reading

Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker

If you've ever watched TV and movies about cybersecurity, you probably envision someone sitting in a dark room trying to guess someone else's password based on a few facts like their kids' names or ...
ZDNet

A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, miniBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, and X3cms.