Researchers Use PS3 Cluster to Reveal an Internet Security Flaw
Update: Verisign says it's stopped using MD5, as of around noon Pacific time. To quote:
"We're disappointed that these researchers did not share their results with us earlier," writes Tim Callan, "but we're happy to report that we have completely mitigated this attack."
Is there anything the PlayStation 3 console can't do? From stopping cancer to simulating black hole collisions... and now breaking Internet security?!
A team of researchers from the U.S., Switzerland and the Netherlands have found a way of bypassing the security of digital certificates provided by companies like Verisign. These digital certificates help transmit your credit card information on the Internet in a secure manner.
By using 200 PS3 systems linked together, researchers were able to do the math that helped them decrypt the MD5 hash that's used by Verisign. The researchers would be able to mimic online retail sites, potentially stealing tons of valuable information from consumers. It appears researchers want the hash to be replaced by a more potent one.
Finally, it's unrealistic to expect hackers will be able to replicate the results of these researchers any time soon. Getting 200 PS3s linked to each other can be quite a pricey feat!
More PlayStation 3 News...
To bad this can't be put to use to decrypt those encrypted flags on the console
Just hack the PS3.......
Sure, this is PS3 news related, but the ONLY reason I and MANY other people come to this site is to find out if I can finally play backups on my PS3. They can send a man to the moon but they can't hack the PS3? Are $ony's and the rest of those company's engineers smarter than the ones at NASA?
Or is the "scene" just taking too long trying to think of a way to cash in on the hack?
I know this was the case for the new Lite-on Xbox360 drive. Instead of releasing the 1.5fw as soon as, or a short while after completion, they make a "solution" but it requires you to purchase a tool and have a spare benq drive. Then once they make enough money, the easy, no-cost hack is released.
And guys, when you finally decide to let us be able to play backups, please let us be able to load the games from a hard drive. This is part of the reason why the hack is not being released sooner. Blank blu-ray media is expensive and so are the writers.
And yes, I know I'm lucky to be getting anything at all. I'm just ranting.
Contrary to the mentality quoted above, many prefer legitimate news to PS3 piracy since it only kills the console (look at the PSP, sure hardware sales went up initially but now hardware and software is down with more developers likely to bail on the PSP in 2009 for more lucrative platforms).
Couple that with the fact that Sony is likely to come darn hard (fines, prison) on whoever hacks their prized PS3 makes many PS3 Devs reluctant to publically release such things as 'loaders' when the risk isn't worth the typical "nice release, gimme more updates!" replies from most leechers.
I guess if that is all you visit our Web site for that is your choice, but the rest of us are actually here for a lot more. Until there is a legitimate "Hello World" on the retail PS3 there won't be any 'loaders' so I'd say those holding out for when they can play PS3 back-ups are in for a long haul.
What ever happened to the project to use PS3s to hack the PS3 encryption through otherOS? If 200 PS3s can hack MD5, what could all of the connected PS3s in the entire scene do?
There is an older detailed reply to that somewhere in the Forums, but finding it now would take more time than it's worth probably.
In short, the project leaders (PS3 Devs) opted to stop that direction and move to other areas instead. I can only assume they know what is best, so since then we just redirected the project page (http://keyvault.ps4news.com) to our main page.