[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [saag] X.509 certificate collision, via MD5 collisions

To: ietf-pkix@xxxxxxx
Subject: RE: [saag] X.509 certificate collision, via MD5 collisions
From: J Adrian Pickering <jap@xxxxxxxxxxxxxxx>
Date: Sat, 05 Mar 2005 19:17:41 +0000
In-reply-to: <7A3E1242FA9989439AD1F9B2D71C287F0427400E@xxxxxxxxxxxxxxxxx .com>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <7A3E1242FA9989439AD1F9B2D71C287F0427400E@xxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


At 18:58 04/03/2005, Robert Zuccherato wrote:

The reason why the randomness in the serial number is able to prevent thisparticular attack is that the attacker cannot predict it's value and thuscannot predict the value of the hash function chaining variable at thepoint the public keys begin to get processed. This appears to prevent theconstruction of collisions in the public keys.

This was why I suggested in TSP we removed the 'monotonic increasing'requirement for a TSA serial number during final draft. Mananaging 'random'serial numbers is not so easy but I rather think it is a requirement.

The attacks highlight the importance of making every bit significant in themessage to be hashed. Aside from certificates, I've got increasinglyworried about the non-rendered and/or highly redundant junk in documents. Itrust logos aren't going to cause problems here.


Adrian Pickering/
University of Southampton, UK

References:
- RE: [saag] X.509 certificate collision, via MD5 collisions
  - From: Robert Zuccherato

Prev by Date: alert the PKIX working group of a potential intellectual property issue
Next by Date: Re: [saag] X.509 certificate collision, via MD5 collisions
Previous by thread: RE: [saag] X.509 certificate collision, via MD5 collisions
Next by thread: RE: [saag] X.509 certificate collision, via MD5 collisions
Index(es):
- Date
- Thread