WISeKey QuoVadis

News and Events

QuoVadis Certificates Secure from Recently Discovered SSL Vulnerabilities
5 Aug 2009

Security researchers unveiled a number of new possible threats to SSL security in browsers at the 2009 Black Hat USA and DefCon conferences. QuoVadis SSL certificates are safe from the threats outlined in the attacks, including:

  • MD2 Vulnerability – Researchers predict that digital certificates that use the MD2 hash algorithm may be subject to certain attacks (called pre-image attacks) within the year. QuoVadis uses SHA-1 and SHA-256 in its digital certificates, and has never used MD2.
  • Null Characters Vulnerability – Researchers have demonstrated that, by submitting certificate requests with null characters to certain Certificate Authorities who use automated domain validation, they have been able to acquire SSL certificates that can trick users of some software that they are viewing one website when in fact they are viewing an imposter – even though the padlock and other SSL indicators are visible. QuoVadis’ SSL certificiates may not include null characters and are not susceptible to this attack.

QuoVadis recommends the use of Extended Validation (EV) SSL, which feature extensive vetting before issuance as well as improved user indicators in browsers as a defense against the growing number of scams and attacks focussed on secure websites.  QuoVadis does not issue domain validated SSL certificates.

Read more about the new SSL hacks here.