Activity 12-3: Creating a Rogue Server Certificate by Breaking a Hashing Algorithm Time Required: 30 minutes Objective: Investigate what attackers can do with the results of an MD5 collision. Description: Collisions for hashing algorithm have been more of a theoretical threat, but computing power that could find collisions is getting closer to being a reality. As of this writing, experts estimate that a SHA-1 collision would cost between $75,000 and $120,000 with rented equipment from Amazon Web Services (AWS). Collisions in MD5 have been demonstrated for more than a decade, however. Until recently, even some well-known CAs used MD5 to generate Web server SSL certificates. In this activity, you research whats pos- sible when smart researchers decide to call attention to a major security problem on the Internet.