2017-07-12 8:35 GMT+02:00 Wouter Verhelst <wouter.verhe...@fedict.be>:
> On 11-07-17 23:44, Salz, Rich via openssl-users wrote:
> >> It's very well worth the effort, otherwise there's a security issue,
> >> because certificates can be forged.
> >
> > No they cannot.
> >
> > What *has* been done is a document was created with "weak spots" and
> > another document was created that changed those weak spots, but the digest
> > was the same.
>
> Correct me if I'm wrong, but wasn't the MD5 certificate hack presented
> back at 25C3 based on exactly that scenario? They used the serial number
> and timestamp or some other such thing (don't recall the details) as
> weak spots and then sent loads of certificate requests to the CA to
> effectively brute-force it.
>
> (Of course, CAs are now required to randomize their serial number, so
> since that particular attack isn't possible anymore, I agree that for
> the time being it's still not a feasible scenario for SHA1, but hey)

Maybe not currently for SHA-1, but maybe for MD5? Also not sure whether you
can use these old certificates with weak serials and change the date as well
there?

Regards,
Niklas
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users