[17011] in cryptography@c2.net mail archive
Re: MD5 collision in X509 certificates
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Sat Mar 5 10:42:09 2005
X-Original-To: cryptography@metzdowd.com
Date: Fri, 4 Mar 2005 16:18:31 -0500
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4225B326.4070706@algroup.co.uk>
On Wed, Mar 02, 2005 at 12:35:50PM +0000, Ben Laurie wrote:
> Cute. I expect we'll see more of this kind of thing.
>
> http://eprint.iacr.org/2005/067
>
> Executive summary: calculate chaining values (called IV in the paper) of
> first part of the CERT, find a colliding block for those chaining
> values, generate an RSA key that has the collision as the first part of
> its public key, profit.
>
What is the significance of this? It seems I can get a certificate for
two public keys (chosen, not given) while only proving possession of the
first. Is there anything else? In what sense is the second public key
useful to the attacker?
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
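
The structure in the quoted executive summary, as an added example that is not part of the original message or of the paper: a toy Merkle-Damgard hash shows why a block pair that collides from the prefix's chaining value keeps colliding under any common suffix, so a signature over one message also verifies over the other. The 24-bit chaining value, 16-byte blocks, truncated SHA-256 compression function and field strings are assumptions chosen so the search finishes instantly; this is not MD5.

```python
import hashlib
from itertools import count

BLOCK = 16   # toy block size in bytes (MD5 uses 64)
CV_LEN = 3   # toy 24-bit chaining value (MD5 uses 128 bits)
IV = b"\x00" * CV_LEN

def compress(cv: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256 of cv || block."""
    return hashlib.sha256(cv + block).digest()[:CV_LEN]

def chain(data: bytes, cv: bytes = IV) -> bytes:
    """Run the chaining over whole blocks and return the chaining value."""
    assert len(data) % BLOCK == 0, "example uses block-aligned input only"
    for i in range(0, len(data), BLOCK):
        cv = compress(cv, data[i:i + BLOCK])
    return cv

def toy_hash(data: bytes) -> bytes:
    """Chaining plus a final length block (Merkle-Damgard strengthening)."""
    return compress(chain(data), len(data).to_bytes(BLOCK, "big"))

def find_colliding_blocks(cv: bytes):
    """Birthday search for two distinct blocks colliding from this cv."""
    seen = {}
    for n in count():
        block = n.to_bytes(BLOCK, "big")
        out = compress(cv, block)
        if out in seen:
            return seen[out], block
        seen[out] = block

def demo():
    # Constructed stand-ins for the certificate fields, block-aligned.
    prefix = b"serial+issuer+CN".ljust(2 * BLOCK, b".")   # before the key
    suffix = b"rest-of-key+exts".ljust(2 * BLOCK, b".")   # after the block
    b1, b2 = find_colliding_blocks(chain(prefix))
    m1, m2 = prefix + b1 + suffix, prefix + b2 + suffix
    return b1, b2, toy_hash(m1), toy_hash(m2)

if __name__ == "__main__":
    b1, b2, h1, h2 = demo()
    print(b1.hex(), b2.hex(), h1.hex(), h2.hex())
```

The two messages differ only in the colliding block, yet the final hashes match because everything after that block is processed from the same chaining value.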