On Wed, Mar 02, 2005 at 12:35:50PM +0000, Ben Laurie wrote: > Cute. I expect we'll see more of this kind of thing. > > http://eprint.iacr.org/2005/067 > > Executive summary: calculate chaining values (called IV in the paper) of > first part of the CERT, find a colliding block for those chaining > values, generate an RSA key that has the collision as the first part of > its public key, profit. >
What is the significance of this? It seems I can get a certificate for two public keys (chosen, not given) while only proving posession of the first. Is there anything else? In what sense is the second public key useful to the attacker? -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]