FYI.
Please discuss on the CFRG list, but I thought the people on these
lists would like to know about this research result.
Russ
Date: Mon, 23 Oct 2006 23:58:21 +0200
From: "Weger, B.M.M. de" <b(_dot_)m(_dot_)m(_dot_)d(_dot_)weger(_at_)TUE(_dot_)nl>
To: <cryptography(_at_)metzdowd(_dot_)com>, <cfrg(_at_)ietf(_dot_)org>, <hash-forum(_at_)nist(_dot_)gov>
Subject: [Cfrg] target collisions and colliding certificates with different identities
Hi all,
We announce:
- an example of a target collision for MD5; this means:
  for two chosen messages m1 and m2 we have constructed
  appendages b1 and b2 to make the messages collide
  under MD5, i.e. MD5(m1||b1) = MD5(m2||b2);
  said differently: we can cause an MD5 collision for
  any pair of distinct IHVs;
- an example of a pair of valid, unsuspicious X.509
  certificates with distinct Distinguished Name fields,
  but identical CA signatures; this example makes use
  of the target collision.
See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/,
where the certificates and a more detailed announcement
can be found.
Marc Stevens
Arjen Lenstra
Benne de Weger
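
Added example, not part of the original message and not the authors' construction: the relation MD5(m1||b1) = MD5(m2||b2) from the announcement, reproduced on a toy Merkle-Damgard hash whose chaining value (IHV) is cut to 24 bits so that a plain birthday search finds the appendages in well under a second. The toy hash, the block and state sizes, the function names and the two sample prefixes are all assumptions made for illustration; the point for anyone relying on MD5 signatures is that once the chaining values meet, any common suffix keeps the two messages colliding.

```python
import hashlib
from itertools import count

BLOCK = 8   # toy block size in bytes (assumption, not MD5's 64)
STATE = 3   # toy chaining value (IHV) size: 24 bits instead of 128
IV = b"\x00" * STATE

def compress(ihv: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated MD5 of IHV || block."""
    return hashlib.md5(ihv + block).digest()[:STATE]

def ihv_after(msg: bytes) -> bytes:
    """Chaining value after processing msg (a whole number of blocks)."""
    assert len(msg) % BLOCK == 0
    ihv = IV
    for i in range(0, len(msg), BLOCK):
        ihv = compress(ihv, msg[i:i + BLOCK])
    return ihv

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard hash: zero-pad, then a final block holding the length."""
    padded = msg + b"\x00" * (-len(msg) % BLOCK)
    return compress(ihv_after(padded), len(msg).to_bytes(BLOCK, "big"))

def target_collision(m1: bytes, m2: bytes, table_size: int = 4096):
    """Find blocks b1, b2 with toy_hash(m1||b1) == toy_hash(m2||b2)."""
    assert len(m1) == len(m2) and len(m1) % BLOCK == 0
    ihv1, ihv2 = ihv_after(m1), ihv_after(m2)
    seen = {}                      # outputs reachable from ihv1 -> block used
    for i in range(table_size):
        b1 = i.to_bytes(BLOCK, "big")
        seen[compress(ihv1, b1)] = b1
    for j in count():              # try blocks after ihv2 until the sets meet
        b2 = j.to_bytes(BLOCK, "big")
        b1 = seen.get(compress(ihv2, b2))
        if b1 is not None:
            return b1, b2

# Constructed sample prefixes standing in for two distinct name fields.
M1 = b"CN=Alice Example".ljust(24, b" ")
M2 = b"CN=Bob Example".ljust(24, b" ")
B1, B2 = target_collision(M1, M2)

if __name__ == "__main__":
    print(B1.hex(), B2.hex())
    print(toy_hash(M1 + B1).hex(), toy_hash(M2 + B2).hex())
```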