Short announcement: MD5 considered harmful today - Creating a rogue CA certificate
Weger, B.M.M. de
b.m.m.d.weger at TUE.nl
Tue Dec 30 10:40:44 EST 2008
Hi all,
Today, 30 December 2008, at the 25th Annual Chaos Communication Congress in Berlin,
we announced that we are currently in possession of a rogue Certification
Authority certificate. This certificate will be accepted as valid and trusted by
all common browsers, because it appears to be signed by one of the commercial root
CAs that browsers trust by default. We were able to do so by constructing a
collision for the MD5 hash function, obtaining a valid CA signature in a website
certificate legitimately purchased from the commercial CA, and copying this
signature into a CA certificate constructed by us such that the signature remains
valid.
For more information about this project, see http://www.win.tue.nl/hashclash/rogue-ca/.
The team consists of:
Alexander Sotirov (independent security researcher, New York, USA),
Marc Stevens (CWI, Amsterdam, NL),
Jacob Appelbaum (Noisebridge, The Tor Project, San Francisco, USA),
Arjen Lenstra (EPFL, Lausanne, CH),
David Molnar(UCB, Berkeley, USA),
Dag Arne Osvik (EPFL, Lausanne, CH),
Benne de Weger (TU/e, Eindhoven, NL).
For press and general inquiries, please email md5-collisions at phreedom.org.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list