MD5 collision in X509 certificates
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Fri Mar 4 16:18:31 EST 2005
On Wed, Mar 02, 2005 at 12:35:50PM +0000, Ben Laurie wrote:
> Cute. I expect we'll see more of this kind of thing.
>
> http://eprint.iacr.org/2005/067
>
> Executive summary: calculate chaining values (called IV in the paper) of
> first part of the CERT, find a colliding block for those chaining
> values, generate an RSA key that has the collision as the first part of
> its public key, profit.
>
What is the significance of this? It seems I can get a certificate for
two public keys (chosen, not given) while only proving posession of the
first. Is there anything else? In what sense is the second public key
useful to the attacker?
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list