Daniel Carosone wrote:
There is one application of hashes, however, that fits these
limitations very closely and has me particularly worried:
certificates. The public key data is public, and it's a "random"
bitpattern where nobody would ever notice a few different bits.
If someone finds a collision for Microsoft's Windows Update cert (or a number of other possibilities), and the fan is well and truly buried in it.
Correct me if I'm wrong ... but once finding a hash collision on a public key, you'd also need to find a matching private key, right?
You are not wrong... you can try to find the right private key for your collision too... ;)
In fact, looking for a collision to a public certificate is not as easy as breaking a signature but breaking many of them at the same time.
Talliann
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
--
I came. I saw. I clicked.
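
The point discussed in this thread, as an added example that is not part of the original posts: a CA signature covers only the digest of the certificate body, so a second body with the same digest inherits the signature, yet its public-key bits are whatever made the digest match. Assumptions: a hash truncated to 16 bits stands in for a broken hash, the CA key is a constructed textbook-RSA toy, and the certificate layout and all function names are hypothetical.

```python
import hashlib

DIGEST_BITS = 16  # deliberately tiny stand-in for a broken hash, so the search is instant

# Constructed toy CA key (textbook RSA over two Mersenne primes; not for real use).
CA_P, CA_Q, CA_E = 2**31 - 1, 2**61 - 1, 65537
CA_N = CA_P * CA_Q
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))

PREFIX = b"subject=updates.example;pubkey="  # constructed certificate layout


def weak_digest(body: bytes) -> int:
    """SHA-256 truncated to DIGEST_BITS bits."""
    full = int.from_bytes(hashlib.sha256(body).digest(), "big")
    return full >> (256 - DIGEST_BITS)


def ca_sign(body: bytes) -> int:
    """The CA signs only the digest of the certificate body."""
    return pow(weak_digest(body), CA_D, CA_N)


def ca_verify(body: bytes, sig: int) -> bool:
    return pow(sig, CA_E, CA_N) == weak_digest(body)


def find_colliding_body(original: bytes) -> bytes:
    """Vary the 'random-looking' pubkey field until the weak digest matches."""
    target = weak_digest(original)
    for i in range(1 << 24):
        candidate = PREFIX + b"%016x" % i
        if candidate != original and weak_digest(candidate) == target:
            return candidate
    raise RuntimeError("no match found in search range")


if __name__ == "__main__":
    # Stand-in for the genuine subject's modulus (constructed value).
    genuine = PREFIX + b"%016x" % (1000003 * 1000033)
    sig = ca_sign(genuine)
    forged = find_colliding_body(genuine)
    print("signature valid on genuine body:", ca_verify(genuine, sig))
    print("same signature valid on other body:", ca_verify(forged, sig))
    # The pubkey bits in `forged` were fixed by the digest match, not built
    # from known primes, so whoever found them holds no matching private key.
    print("colliding pubkey field:", forged[len(PREFIX):].decode())
```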