The weak point that allows the technique to work—which researchers will be detailing at the 25th Chaos Communication Congress in Berlin—is the MD5 hash algorithm, which, basically, is what's used to create a fingerprint that makes it hard to forge digital certificates. Verisign's RapidSSL still uses the MD5 hash algorithm.

So, where do the crack-friendly PlayStation 3s come in? Well, they have to generate CA certificiate—the certificate that allows them to sign and verify certificates for any other site—and a website certificate that produce the same MD5 hash. A cluster of 200 PS3s were used to figure out where the MD5 hashes of their forged CA certificate and website certificate "collide," allowing them to "crunch out their forgery in about three days."

What's all this mean? David Molnar, a computer science PhD candidate, Threat Level talked to, explains it best: ""We can impersonate Amazon.com and you won't notice...The padlock will be there and everything will look like it's a perfectly ordinary certificate." Thankfully, the hack is hard, but the solution is pretty easy—just switch to a more secure hash, which many companies have done. Verisign is currently in the process of phasing out the MD5 hash. [Threat Level]

When intruders do try to hack a quantum exchange, photons in the network become scrambled and the rise in the error rate causes that line to get shut down. The exchange is then automatically rerouted through a different node so that the sender and receiver remain in continuous secure contact. Scientists are currently trying to market it to banks and other holders of sensitive information.

Is it really unbreakable though? Hard to say. Currently there aren't any methods to fully eavesdrop on information while avoid detection, but researchers at MIT were able to nab about 40% by reading the momentum of photons. I can bet that hackers will be all over this, now that the scientists have more or less issued a direct challenge for them to try. [BBC]

Too lazy to build yourself an Enigma machine from a DIY kit? If you've got enough money, say, fifteen thousand dollars or so, why not just buy this original Enigma 3 machine off of eBay? The seller is in Germany and the auction ends on April 3rd. Frankly, we don't know how anyone is expected to resist this item when the owner makes sweet, sweet promises like: "ORIGINAL!!! KEIN NACHBAU!!! VOLL FUNKTIONSTUCHTIG!!!!".

Enigma 3 Walzen Chiffriermaschine Chiper Weltkrieg 1941 [eBay, via Boing Boing]

If you're not a cryptography or World War II nerd and you know anything about the Enigma machine, chances are you've read Neal Stephenson's novel Cryptonomicon, in which fictional characters work alongside historical figures like Alan Turing to crack the Axis codes and sink Nazi submarines.

Designed as a project to raise funds for museums, the Enigma-E DIY Building Kit is £119.99 from Bletchley Park and €130 from the Museum Jan Corver and comes with every component required to assemble machine. You will need basic soldering skills and some knowledge of electronics to figure out the circuits though. If that's too much money or too much technical know how, you can always try out the Paper Enigma Machine.

Enigma-E DIY Building Kit
Enigma-E Kit [Bletchley Park Shop]
Enigma-E DIY Building Kit (scroll down) [Museum Jan Corver]
Enigma-E: Recreating The Infamous Nazi Code Machine Electronically [Retro Thing]