Re: MD5 considered harmful today

2009-01-02 Thread Len Sassaman
On Tue, 30 Dec 2008, Hal Finney wrote:
>
> - The attack relies on cryptographic advances in the state of the art for
>   finding MD5 collisions from inputs with different prefixes. These advances
>   are not yet being published but will presumably appear in 2009.

To insert a malicious "basicCon

Re: A History of U.S. Communications Security

2009-01-02 Thread Marcus Brinkmann
Pehr Söderman wrote:
> Freshly declassified and a rather interesting read:
>
> A History of U.S. Communications Security (Volumes I and II, 1973)
> David G. Boak Lectures, National Security Agency (NSA)
>
> http://www.governmentattic.org/2docs/Hist_US_COMSEC_Boak_NSA_1973.pdf
>
> (From Bruce Sch

Re: Security by asking the drunk whether he's drunk

2009-01-02 Thread Paul Hoffman
At 10:19 PM -0500 12/30/08, Jerry Leichter wrote:
> Robert Graham writes in Errata Security
> (http://erratasec.blogspot.com/2008/12/not-all-md5-certs-are-vulnerable.html)
> that the attack depends on being able to predict the serial number field that
> will be assigned to a legitimate certificate b