[Top] [All Lists]

Re: Further MD5 breaks: Creating a rogue CA certificate

2008-12-30 18:33:19

I'm not sure I understand the issue here, but
they don't actually have to be totally randomized. You could use a
PRF so they were predictable to the CA.

That works. This works too: the serial number could be composed of two parts, where the most significant bits are a counter and the least significant bits are randomly generated.

<Prev in Thread] Current Thread [Next in Thread>