Should I be worried? If this is indeed a genuine Google certificate,
why is it that there are (at least) 2 different certificates for the
same domain (smtp.google.com)?

Only if you believe that smtp.gmail.com and smtp.google.com are the same.

Yeah, sorry, I meant smtp.googlemail.com.

Viktor Dukhovni wrote:
openssl pkcs7 -print_certs -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4243532547640530163 (0x3ae40e5e6eec14f3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google

My guess is that if you could write a hash working the way you say, it
would be vulnerable to all sorts of cryptographic attacks: give up!

I have indeed given up and found other ways to incorporate the hash
while verifying the stream integrity.

Maybe a bit daft of me to ask this, but is it possible to calculate a
hash on a stream of bytes where the resulting hash is considered to be
part of that stream?
In other words, let's assume that I have a stream which is, say, 64 bytes
long in total, consisting of 48 bytes of payload, plus