Entrust claims its SSL is secure

Published: January 12th, 2009

Entrust Inc. has announced its secure sockets layer certificates are not affected by a security hole discovered last month at the Chaos Communication Congress.

On Dec. 30, a team of European researchers demonstrated they were able to exploit a weakness in the MD5 hash algorithm in VeriSign’s automated RapidSSL service. As a result, they said, they were able to impersonate Web sites, including e-commerce sites using the HTTPs protocol.

Addison, Tex.-based-based Entrust, which makes public key infrastructure software, said its SSL certificates use SHA-1, a hash algorithm that is not susceptible to the MD5 vulnerability.

Entrust published a paper on its Web sites listing recommended security precautions.