Category Archives: News

News Relating to CAcert

SHA1 getting insecure: WinXP-SP2, Debian Stable, FreeBSD 6.1, OSX 10.4 affected!

SHA-1 has just been broken a bit more: http://www.heise-security.co.uk/news/77244
CAcert is aggressively moving to SHA-2 as we speak.

Microsoft will support SHA-2 only in Windows Vista according to our sources.
Debian Stable, FreeBSD and OSX don't provide SHA-2 in their current versions.
SuSE, Knoppix, FC5, Ubuntu, Mandriva, … all support SHA-2 already.
Read more details about SHA-2 support of various applications and distributions on http://wiki.cacert.org/wiki/HashInterop

Please contact your vendor to tell them that you need SHA-2 support!

http://en.wikipedia.org/wiki/SHA

SANE (network and systems admin conference) CAcert Assurances in Delft Holland

At the SANE2006 system and network admin conference, running from 15th of May 2006 to Friday 19th of May 2006 in Delft, Holland (see SANE2006), CAcert Assurances as well as PGP signing can be done. On Wednesday 17th of May 2006 there is a special (free entrance) Bazar from 18:30 with a CAcert booth where you can obtain your assurance or assure others.

The event location is: TU Delft, Aula Congress Centre, Mekelweg 5, Delft, Holland.

Be prepared and do your preparations: see the CAcert web site or the SANE2006 CAcert info.

CAcert Assurances at USENIX’06 conf May 30-June 3 2006, Boston USA

At the annual technical USENIX’06 conference, running from 30th of May till June 3rd, 2006 in Boston, USA, you will be able to be assured by CAcert Assurers and to obtain more information at the Birds of a Feather session on one of the evenings at the conference. If you only want to be assured and not attend the conference, feel free to walk in and ask for a CAcert Assurer. If you want your PGP key signed, feel free to drop in as well.

Be prepared and visit the CAcert web site for the preparations (Assurer Forms, registration account, etc.).

For more information see BOSTON06

Is there a Moore’s Law for Certificates?

The issue of statistics came up again today (as it does from time to time). Currently CAcert is experiencing linear growth rates both in the number of certificates issued each month and in the number of new signups. Assurances tend to be a bit spiky, depending on how many conferences are attended.

In any case, the number of certificates issued has more than doubled in the past 10 months (about May last year is the halfway point), so one must wonder where things are headed if the same trend continues.

Some quick stats for people: about the beginning of this month we issued our 100,000th certificate, and about the same time we had our 50,000th signup, and by this time next year we could easily have more than double both those numbers.

ApacheCon US 2005

I will be manning the booth for CAcert at the ApacheCon 2005 US meeting in San Diego. I plan to be at the booth from at least 09:00 in the morning through 16:00 in the afternoon. I will stay later if there are still people coming by. Please bring as many people as you can to have assurance added to their accounts. It will help to have CAP forms pre-printed with the applicant’s information, but I will have blanks with me as well. Remember, 2 forms of official ID will be needed, at least one being photo.

I will most likely not have a computer available for people to sign up on the spot, but I can always check ID and complete paperwork, then enter in assurance points after they sign up later.

I will be happy to cross-sign GPG/PGP keys as well, so be sure to bring key fingerprints along if you want to add to your keyring signatures. On the same note, please let me know if a key signing party is being planned.

If there is anybody that cannot attend the conference itself, but would like to be assured, please let me know and we can meet in the hotel lobby outside of the regular conference hours.

Feel free to contact me CAcert at mail4geeks dot com if you have any questions or would like to arrange a meet up while I am in town.

CAcert root included in Nokia 770

Nokia has included the root certificate of CAcert into the new Nokia 770 Internet Tablet. This makes it possible to use secure websites, encrypt and digitally sign emails with free certificates from CAcert.org.

Currently Knoppix, Debian, Gentoo, Ubuntu, and other Linux distributions have already incorporated CAcert into their products; Nokia is the first commercial vendor to approve CAcert for its products. One of the main goals of CAcert was to be included in major browsers, and CAcert continues to actively pursue other vendors such as Opera, Mozilla and Microsoft to be included as part of their browsers.

CAcert is a community certification authority that issues free SSL certificates worldwide for individuals and organisations, and CAcert aims to enable better privacy for the Internet. CAcert is committed to high standards of security and verification. To achieve this goal, CAcert operates a worldwide network of Assurers who verify identities according to the 4 eyes principle (or better), because there is little benefit in having security if you aren’t sure who you are really communicating with at the other end.

Time for the paranoid to start upgrading keys

MathWorld News is reporting that RSA-640 has been factored. F. Bahr, M. Boehm, J. Franke, and T. Kleinjung, members of the German Federal Agency for Information Technology Security (BSI) announced they had cracked the 193-digit number last Friday using the General Number Field Sieve. The team purportedly used 80 Opteron CPUs and 5 months to achieve victory.”

I realise that 1024-bit keys are exponentially bigger than 640-bit, however this shows that the time to crack 1024-bit keys are getting awfully close to useless when dealing with material that needs a longish life span, not to mention some of the root certificates in browsers are still 1024-bit, and even if it took these guys 5 times as long, those certificates are still going to be valid when they get finished.

And people complained about the 4096-bit certificate CAcert uses 🙂 (well, complained because not all apps supported key sizes bigger than 1024-bit!)

PS: found this website, which gives a breakdown of how long you can expect varying key lengths to be good for.