Information regarding MD5 collisions problem
Tuesday, December 30, 2008
Today Microsoft released a security advisory (961509) regarding collisions in MD5 hashes on certificates. This specific problem affects the entire industry and is not a Microsoft specific vulnerability. Serious weaknesses in MD5 have been known for many years now; it is because of these weaknesses that MD5 is banned in new code under the Microsoft Security Development Lifecycle (SDL).