On Sun, Jun 14, 2015 at 11:45:48PM -0400, b...@bitrate.net wrote:

> On a related note, is it possible for a public key fingerprint to collide
> with the certificate fingerprint of some other cert?

No more likely than colliding with another public key, or two
certificates colliding with each other.  Attacks against
"check_ccert_access" require failure of "2nd preimage" resistance,
not failure of "collision resistance", and, for most fielded
cryptographic hash functions, "2nd preimage" attacks are still
not known to be feasible.

That said, definitely don't use MD5, and if you're concerned about
SHA1, consider using "sha256" rather than "sha1".  Many organizations
are busy moving away from SHA1 these days, though "2nd preimage"
attacks on SHA1 are not AFAIK on the horizon.

-- 
        Viktor.
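
Added example, not part of the original message: the two fingerprint kinds discussed above are digests over different inputs, the whole DER certificate versus only its DER SubjectPublicKeyInfo, computed here with SHA-256 via the openssl CLI. The file names and the CN are constructed for the demo, and the second certificate reuses the first one's key to show which fingerprint changes on reissue.

```shell
#!/bin/sh
# Added example: compare certificate and public key fingerprints (SHA-256).
# File names and the CN below are constructed for this demo.

# Digest of the whole DER-encoded certificate.
cert_fp() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Digest of the DER-encoded SubjectPublicKeyInfo only.
pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Create a throwaway key and two self-signed certificates that share it.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$dir/key.pem" -out "$dir/cert1.pem" \
        -subj "/CN=client.example.invalid" -days 1 2>/dev/null &&
    openssl req -x509 -key "$dir/key.pem" -out "$dir/cert2.pem" \
        -subj "/CN=client.example.invalid" -days 2 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_certs "$tmp" || { rm -rf "$tmp"; return 1; }
    for c in cert1 cert2; do
        echo "$c certificate fingerprint: $(cert_fp "$tmp/$c.pem")"
        echo "$c public key fingerprint:  $(pubkey_fp "$tmp/$c.pem")"
    done
    rm -rf "$tmp"
}

demo
```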
