Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-31 14:03:55
Santosh Chokhani wrote:

So, if you are relying on CAs, why not ask them to switch to SHA-1 as
opposed to adding more software to the CA.  SHA-1 is purely a
configuration item for the CA deployments.

Because someday SHA-1 (and SHA-2, or any hash algorithm) may be subject to a similar collision generation attack, and the presence of unpredictable data in the cert will defeat it as well.

Just trying to be proactive here.

-- Tim
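
An added example, not part of the original message: one reading of "unpredictable data in the cert" is a serial number drawn from a CSPRNG, so that a certificate requester cannot know the to-be-signed bytes before the CA signs them. The Python sketch below issues such serials and audits an issuance-ordered list for counter-like behaviour; the 64-bit threshold, the `max_step` heuristic, the function names and the sample serials are assumptions constructed for illustration.

```python
import secrets

MIN_RANDOM_BITS = 64  # assumed policy threshold for this example


def new_serial(bits=MIN_RANDOM_BITS):
    """Return a positive serial carrying `bits` bits of CSPRNG output."""
    # The fixed top bit keeps the encoded length constant; all of the
    # unpredictability is in the lower `bits` bits.
    return (1 << bits) | secrets.randbits(bits)


def audit_serials(serials, min_bits=MIN_RANDOM_BITS, max_step=1000):
    """Audit serials listed in issuance order; return a list of findings.

    "duplicate"  - the same serial was issued twice
    "short"      - no serial is wide enough to hold `min_bits` random bits
    "sequential" - at least 90% of consecutive serials rise by a small step,
                   i.e. the next value can be guessed from the last one
    """
    if not serials:
        return []
    findings = []
    if len(set(serials)) != len(serials):
        findings.append("duplicate")
    if max(s.bit_length() for s in serials) < min_bits:
        findings.append("short")
    deltas = [b - a for a, b in zip(serials, serials[1:])]
    small_steps = sum(1 for d in deltas if 0 < d <= max_step)
    if deltas and small_steps / len(deltas) >= 0.9:
        findings.append("sequential")
    return findings


# Constructed sample: a CA that uses an incrementing counter as the serial.
COUNTER_CA = [643001, 643002, 643004, 643005, 643006, 643009]
# Constructed sample: a CA that draws every serial from the CSPRNG.
RANDOM_CA = [new_serial() for _ in range(20)]

if __name__ == "__main__":
    print("counter CA:", audit_serials(COUNTER_CA))
    print("random CA: ", audit_serials(RANDOM_CA))
```

The audit is a heuristic over issued serials only; it cannot show that a CA's random source is sound, only flag output that is plainly guessable.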

