On Sun, Jun 10, 2012 at 3:03 PM, Florian Weimer <f...@deneb.enyo.de> wrote:
> * Marsh Ray:
>
>> Marc Stevens and B.M.M. de Weger (of
>> http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
>> collision in the evil CN=MS cert. I'm sure they'll have a full report
>> at some point. Until then, they have said this:
>
>>> [We] have confirmed that flame uses a yet unknown md5 chosen-prefix
>>> collision attack.
>
> Does this mean they've seen the original certificate in addition to
> the evil twin?

The evil twin has the nasty bits[*] in the issuerUniqueID field, which
is weird, and the ID is not one likely to be generated by any CA.
Would the original have it??  I don't see why the TS CA would have
issued certs with issuerUniqueIDs under any circumstances, which is
why it's interesting that the evil twin had any evil bits.

[*] Marsh calls these bits a "tumor".  I don't think there's a good
    analogy in biology, but for my money the analogy that comes
    closest is "prion" (misfolded proteins, which in the most
    well-known case beget more protein misfolding, which is why prions
    are not a perfect analog for these evil bits).

Nico
--
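
A check for the anomaly discussed in this message, added here as an example (not code from anyone in the thread): a standard-library walk over a DER certificate's TBSCertificate that reports any issuerUniqueID or subjectUniqueID field present. The function names and the `sample_cert` skeleton, whose other fields are empty placeholders, are constructed for illustration.

```python
UNIQUE_ID_TAGS = {1: "issuerUniqueID", 2: "subjectUniqueID"}  # [1] and [2] IMPLICIT BIT STRING

def read_tlv(buf, off):
    """Parse one DER TLV at buf[off]; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length

def unique_ids(cert_der):
    """Return {field name: ID bytes} for unique-ID fields in the TBSCertificate."""
    tag, cert, _ = read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE
    tbs_tag, tbs, _ = read_tlv(cert, 0)      # first member: TBSCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    found, off = {}, 0
    while off < len(tbs):                    # walk top-level TBS members only
        tag, value, off = read_tlv(tbs, off)
        # context-specific class, tag number 1 or 2 (constructed bit ignored)
        if (tag & 0xC0) == 0x80 and (tag & 0x1F) in UNIQUE_ID_TAGS:
            found[UNIQUE_ID_TAGS[tag & 0x1F]] = value[1:]  # drop unused-bits octet
    return found

def tlv(tag, value):
    """Minimal DER encoder used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def sample_cert(issuer_uid=None):
    """Constructed certificate skeleton; not a valid or signed certificate."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    fields = [tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"),  # version v3, serial
              seq(), seq(), seq(), seq(), seq()]  # sigAlg, issuer, validity, subject, SPKI
    if issuer_uid is not None:
        fields.append(tlv(0x81, b"\x00" + issuer_uid))
    fields.append(tlv(0xA3, seq()))               # extensions
    return seq(seq(*fields), seq(), tlv(0x03, b"\x00"))
```

A non-empty result from `unique_ids` on a certificate from a CA that never populates these fields is the kind of oddity the message points at.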