"Perry E. Metzger" <pe...@piermont.com> writes:
> For example, Verisign has lots of cert infrastructure right now that
> uses SHA-1. Imagine if I now use the above described attack and start
> forging certs that look to all the world like they're from Verisign and
> claim that I'm a major bank, or to forge a CA that then forges certs
> that claim I'm a major bank. "Ooops!"

Eric Rescorla correctly points out to me that Verisign randomizes SNs so it would be hard to attack them that way, but I'm sure not everyone who is in the root cert list in IE or Firefox does. It also is not going to be trivial to do this -- but it is now in the realm of possibility.

Perry