Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
Colliding X.509 Certificates PDF Print E-mail
Written by Editor   
Friday, 11 March 2005 11:33
Cryptography researchers based in the Netherlands and China have released a paper and proof of concept details on how they made a pair of valid X.509 Certificates with identical signatures using MD5 collisions. Arjen Lenstra, Xiaoyun Wang and Benne de Weger have produced a paper describing the process they developed to produce valid X.509 certificates where the issuer signature will be same if the issuer used the MD5 hash function.

The result is that they have shown that if a Certificate Authority (CA) is using the MD5 hash function for signatures, collisions can be easily crafted to undermine the underlying trust of the Public Key Infrastructure of the CA.

You can view the paper here or here, you can also see their proof of concept certificates here too. Just to rub some salt in the wounds of the Certificate Authorities, the same group is working on expanding this attack to Certificates signed using SHA-1 as the hash function, while implementing the work announced during the RSA conference which we covered here.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!
Last Updated ( Thursday, 14 September 2006 23:15 )