[141453] in cryptography@c2.net mail archive
Short announcement: MD5 considered harmful today - Creating a rogue
daemon@ATHENA.MIT.EDU (Weger, B.M.M. de)
Tue Dec 30 19:07:05 2008
From: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
CC: "md5-collisions@phreedom.org" <md5-collisions@phreedom.org>
Date: Tue, 30 Dec 2008 16:40:44 +0100
Hi all,
Today, 30 December 2008, at the 25th Annual Chaos Communication Congress in=
Berlin,
we announced that we are currently in possession of a rogue Certification
Authority certificate. This certificate will be accepted as valid and trust=
ed by=20
all common browsers, because it appears to be signed by one of the commerci=
al root=20
CAs that browsers trust by default. We were able to do so by constructing a=
=20
collision for the MD5 hash function, obtaining a valid CA signature in a we=
bsite=20
certificate legitimately purchased from the commercial CA, and copying this=
=20
signature into a CA certificate constructed by us such that the signature r=
emains=20
valid.=20
For more information about this project, see http://www.win.tue.nl/hashclas=
h/rogue-ca/.
The team consists of:=20
Alexander Sotirov (independent security researcher, New York, USA),=20
Marc Stevens (CWI, Amsterdam, NL),=20
Jacob Appelbaum (Noisebridge, The Tor Project, San Francisco, USA),=20
Arjen Lenstra (EPFL, Lausanne, CH),=20
David Molnar(UCB, Berkeley, USA),=20
Dag Arne Osvik (EPFL, Lausanne, CH),=20
Benne de Weger (TU/e, Eindhoven, NL).
For press and general inquiries, please email md5-collisions@phreedom.org.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
