Flemming Jans wrote:
> 
> Hi Andrew,
> 
> 
> Ok, I have tried the following code snip which works:
> 
> X509 *client_cert = SSL_get_peer_certificate(con);  /* NULL if the peer sent no certificate */
> unsigned char digest[EVP_MAX_MD_SIZE];               /* large enough for any EVP digest */
> unsigned int digest_len;
> X509_digest(client_cert, EVP_md5(), digest, &digest_len);
> 
> Which message digest should I use ? md5 or other ? Is the digest
> guaranteed to be unique mathematically or how does a digest work??
> 

There is a simple "pigeon hole" argument that shows the digest cannot be
unique.

Consider the case of a SHA-1 digest, which is 160 bits long. If you have
certificates with 161-bit serial numbers, then there must be several with
the same digest, because there simply aren't enough possible digests to
make each unique.

As you may have realised, though, 160 bits is rather a large number to use
brute force on. MD5 is 128 bits, so it is a smaller task. Neither is really
feasible with current technology.

The whole point of a digest is that it is difficult to determine two
distinct pieces of data with the same digest value: this is termed a
"collision". Collisions will always exist but generally require vast
amounts of computing power to find. Some weaknesses have been found in
MD5 (but no collisions), so MD5 is not recommended for newer
applications; nevertheless some CAs still use it. SHA-1 is the current
"digest of choice".

If you are still worried about the possibility of colliding digests then
consider this.

A certificate has some signed data in it and a signature. The signature
is formed by applying a public key algorithm to a digest. If you can
find two pieces of signed data with the same digest they can also have
the same signature.

If you can find a certificate with the same signature as a CA's, but with
your own public key in it, then you can impersonate it.

In other words, if a practical solution to the problem of finding a
duplicate certificate with the same digest is found, certificates will no
longer be secure.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
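An added example in Python (not from this thread, and not the OpenSSL C API itself) illustrating both points of the reply: formatting a certificate digest as a fingerprint and comparing it against a pinned value in constant time, and the pigeonhole argument run at toy scale by truncating SHA-1 to a few bits so that a collision among serial numbers is guaranteed and found. SAMPLE_DER is constructed stand-in bytes, not a real certificate.

```python
"""Certificate fingerprints and the pigeonhole argument (added example)."""
import hashlib
import hmac

# Constructed stand-in for a DER-encoded peer certificate. In OpenSSL terms,
# X509_digest() hashes exactly this DER encoding; nothing here is a real cert.
SAMPLE_DER = bytes.fromhex("30820100a003020102020900") + b"example-cert-body"


def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Digest of the DER bytes, formatted the way OpenSSL prints fingerprints."""
    digest = hashlib.new(algo, der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def matches_pinned(der: bytes, pinned: str, algo: str = "sha1") -> bool:
    """Constant-time check of a peer certificate against a pinned fingerprint."""
    expected = pinned.replace(":", "").lower()
    actual = hashlib.new(algo, der).hexdigest()
    return hmac.compare_digest(actual, expected)


def truncated_digest(data: bytes, bits: int) -> int:
    """The first `bits` bits of SHA-1 as an integer: a deliberately short digest."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)


def find_collision(bits: int):
    """Pigeonhole principle at toy scale: hashing 2**bits + 1 distinct serial
    numbers into a `bits`-bit digest forces two of them to share a digest.
    Returns (serial_a, serial_b, shared_digest) for the first pair found."""
    seen = {}
    for serial in range(2 ** bits + 1):
        data = serial.to_bytes(8, "big")  # stand-in for the serial-number field
        d = truncated_digest(data, bits)
        if d in seen:
            return seen[d], serial, d
        seen[d] = serial
    raise AssertionError("unreachable: a collision is guaranteed by counting")


if __name__ == "__main__":
    print("SHA-1 fingerprint:", fingerprint(SAMPLE_DER))
    print("MD5 fingerprint:  ", fingerprint(SAMPLE_DER, "md5"))
    a, b, d = find_collision(16)
    print(f"serials {a} and {b} share 16-bit digest {d:#06x}")
```

In practice the collision usually appears well before the 2**bits + 1 bound because of the birthday effect, which is why the full 128 or 160 bits, not the serial-number width, set the cost of a real attack.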
