[16996] in cryptography@c2.net mail archive
Re: MD5 collision in X509 certificates
daemon@ATHENA.MIT.EDU (Dan Kaminsky)
Thu Mar 3 19:17:35 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 02 Mar 2005 09:05:04 -0800
From: Dan Kaminsky <dan@doxpara.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4225E866.60506@algroup.co.uk>
Ben Laurie wrote:
> Dan Kaminsky wrote:
>
>> The x.509 cert collision is a necessary consequence of the earlier
>> discussed prime/not-prime collision. Take the previous concept, make
>> both prime, and surround with the frame of an x.509 cert, and you get
>> the new paper.
>
>
> Actually, not - an RSA public key is not prime. Generating colliding
> public keys takes quite a bit more work.
*laughs* Yes, I suppose it would be difficult for pq to be prime now
wouldn't it :)
So they've basically solved:
md5(pq) == md5(p'q')
For integer values of p, q, p' and q'. You are right, this is much more
work.
--Dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
