"Perry E. Metzger" <pe...@piermont.com> writes:
> For example, Verisign has lots of cert infrastructure right now that
> uses SHA-1. Imagine if I now use the above described attack and start
> forging certs that look to all the world like they're from Verisign and
> claim that I'm a major bank, or to forge a CA that then forges certs
> that claim I'm a major bank. "Ooops!"

Eric Rescorla correctly points out to me that Verisign randomizes SNs so
it would be hard to attack them that way, but I'm sure not everyone
who is in the root cert list in IE or Firefox does.

It also is not going to be trivial to do this -- but it is now in the
realm of possibility.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to