Colliding X.509 Certificates
Weger, B.M.M. de
b.m.m.d.weger at TUE.nl
Tue Mar 1 14:21:37 EST 2005
Hi all,
We announce the construction of two different valid X.509 certificates
that have identical signatures. This is based on MD5 collisions.
One could e.g. construct the to-be-signed parts of the certificates,
and get the one certificate signed by a CA. Then a valid signature for
the other certificate is obtained, while the CA has not seen proof of
possession of the private key of this second certificate.
The certificates we constructed can be downloaded from
http://www.win.tue.nl/~bdeweger/CollidingCertificates/.
>From this site some more technical information can be downloaded as
well.
We provide a short paper explaining in detail our method.
It is available on the website, and on the Cryptology ePrint Archive,
at http://eprint.iacr.org/2005/067.
This is joint work with Arjen Lenstra (Lucent Bell Labs and TU
Eindhoven)
and Xiaoyun Wang (Shandong University).
Grtz,
Benne de Weger
=========================================
Technische Universiteit Eindhoven
Coding & Crypto Groep
Faculteit Wiskunde en Informatica
Den Dolech 2
Postbus 513
5600 MB Eindhoven
e-mail: b at m@m at d@weger.tue at nl
www: http://www.win.tue.nl/~bdeweger
=========================================
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list