ietf-smime
[Top] [All Lists]

Fwd: [Cfrg] target collisions and colliding certificates with different identities

2006-10-25 12:03:43

FYI.

Please discuss on the CFRG list, but I thought the people on these lists would like to know about this research result.

Russ


Date: Mon, 23 Oct 2006 23:58:21 +0200
From: "Weger, B.M.M. de" 
<b(_dot_)m(_dot_)m(_dot_)d(_dot_)weger(_at_)TUE(_dot_)nl>
To: <cryptography(_at_)metzdowd(_dot_)com>,
        <cfrg(_at_)ietf(_dot_)org>,
        <hash-forum(_at_)nist(_dot_)gov>
Subject: [Cfrg] target collisions and colliding certificates with different
        identities

Hi all,

We announce:
- an example of a target collision for MD5; this means:
  for two chosen messages m1 and m2 we have constructed
  appendages b1 and b2 to make the messages collide
  under MD5, i.e. MD5(m1||b1) = MD5(m2||b2);
  said differently: we can cause an MD5 collision for
  any pair of distinct IHVs;
- an example of a pair of valid, unsuspicious X.509
  certificates with distinct Distinguished Name fields,
  but identical CA signatures; this example makes use
  of the target collision.

See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
where the certificates and a more detailed announcement
can be found.

Marc Stevens
Arjen Lenstra
Benne de Weger

<Prev in Thread] Current Thread [Next in Thread>
  • Fwd: [Cfrg] target collisions and colliding certificates with different identities, Russ Housley <=