Daniel Carosone wrote:
There is one application of hashes, however, that fits these
limitations very closely and has me particularly worried:
certificates. The public key data is public, and it's a "random"
bitpattern where nobody would ever notice a few different bits.
If someone finds a collision for microsoft's windows update cert (or a
number of other possibilities), and the fan is well and truly buried
in it.
Correct me if I'm wrong ... but once finding
a hash collision on a public key, you'd also
need to find a matching private key, right?
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
