MD5 collision in X509 certificates
Dan Kaminsky
dan at doxpara.com
Wed Mar 2 12:05:04 EST 2005
Ben Laurie wrote:
> Dan Kaminsky wrote:
>
>> The x.509 cert collision is a necessary consequence of the earlier
>> discussed prime/not-prime collision. Take the previous concept, make
>> both prime, and surround with the frame of an x.509 cert, and you get
>> the new paper.
>
>
> Actually, not - an RSA public key is not prime. Generating colliding
> public keys takes quite a bit more work.
*laughs* Yes, I suppose it would be difficult for pq to be prime now
wouldn't it :)
So they've basically solved:
md5(pq) == md5(p'q')
For integer values of p, q, p' and q'. You are right, this is much more
work.
--Dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list