Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate

Santosh Chokhani wrote:

So, if you are relying on CAs, why not ask them to switch to SHA-1 as
opposed to adding more software to the CA.  SHA-1 is purely a
configuration item for the CA deployments.

Because someday SHA-1 (and SHA-2, or any hash algorithm) may be subjectto a similar collision generation attack, and the presence ofunpredictable data in the cert will defeat it as well.


Just trying to be proactive here.

-- Tim

smime.p7s
Description: S/MIME Cryptographic Signature

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, (continued) Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Mike RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Dr Stephen Henson RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller <= RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Santosh Chokhani Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Timothy J. Miller RE: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CAcertificate, Tim Moses Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate, Eric Rescorla Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Yoav Nir RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani Message not available Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Russ Housley Message not available Re: [saag] Further MD5 breaks: Creating a rogue CA certificate, Scott Rea RE: [saag] Further MD5 breaks: Creating a rogue CA certificate, Santosh Chokhani