Here is a post involving a new attack on hash functions, and it started a long
thread of discussions. Please check cfrg or saag for more discussions:


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Russ Housley
Sent: Wednesday, December 31, 2008 12:05 AM
To: [email protected]; [email protected]; [email protected]; [email protected]
Subject: [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

http://www.win.tue.nl/hashclash/rogue-ca/

MD5 considered harmful today
Creating a rogue CA certificate

December 30, 2008

Alexander Sotirov, Marc Stevens,
Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

We have identified a vulnerability in the Internet Public Key Infrastructure
(PKI) used to issue digital certificates for secure websites. As a proof of
concept we executed a practical attack scenario and successfully created a
rogue Certification Authority
(CA) certificate trusted by all common web browsers. This certificate allows
us to impersonate any website on the Internet, including banking and
e-commerce sites secured using the HTTPS protocol.

Our attack takes advantage of a weakness in the MD5 cryptographic hash
function that allows the construction of different messages with the same
MD5 hash. This is known as an MD5 "collision". Previous work on MD5
collisions between 2004 and 2007 showed that the use of this hash function
in digital signatures can lead to theoretical attack scenarios. Our current
work proves that at least one attack scenario can be exploited in practice,
thus exposing the security infrastructure of the web to realistic threats.

_______________________________________________
Cfrg mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/cfrg


_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
