Sunday, March 22, 2009

Google - MD5 Cipher

I just noticed that in my error messages on Google an MD5 Cipher is being used:

version=TLSv1/SSLv3 cipher=RC4-MD5

I am not an expert on TLS and SSL but the latest SSL hack that got a lot of hoopla in the news was using an SSL certificate with MD5 encryption. It has been widely reported that SHA is much more secure and MD5 has been vulnerable for a while. Why is Google using MD5 in that case?

MD5 hacked