[Top] [All Lists]

Re: Further MD5 breaks: Creating a rogue CA certificate

2008-12-31 10:01:06
Russ Housley wrote:

I'm not sure I understand the issue here, but
they don't actually have to be totally randomized. You could use a
PRF so they were predictable to the CA.

That works. This works too: the serial number could be composed of two parts, where the most significant bits are a counter and the least significant bits are randomly generated.

How would Corestreet's miniCRL format fare under this?

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

<Prev in Thread] Current Thread [Next in Thread>