Short announcement: MD5 considered harmful today - Creating a rogue CA certificate

Weger, B.M.M. de b.m.m.d.weger at
Tue Dec 30 10:40:44 EST 2008

Hi all,

Today, 30 December 2008, at the 25th Annual Chaos Communication Congress in Berlin,
we announced that we are currently in possession of a rogue Certification
Authority certificate. This certificate will be accepted as valid and trusted by 
all common browsers, because it appears to be signed by one of the commercial root 
CAs that browsers trust by default. We were able to do so by constructing a 
collision for the MD5 hash function, obtaining a valid CA signature in a website 
certificate legitimately purchased from the commercial CA, and copying this 
signature into a CA certificate constructed by us such that the signature remains 

For more information about this project, see

The team consists of: 

Alexander Sotirov (independent security researcher, New York, USA), 
Marc Stevens (CWI, Amsterdam, NL), 
Jacob Appelbaum (Noisebridge, The Tor Project, San Francisco, USA), 
Arjen Lenstra (EPFL, Lausanne, CH), 
David Molnar(UCB, Berkeley, USA), 
Dag Arne Osvik (EPFL, Lausanne, CH), 
Benne de Weger (TU/e, Eindhoven, NL).

For press and general inquiries, please email md5-collisions at

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list