Am Freitag, den 15.09.2006, 00:40 +0200 schrieb Erik Tews:
> I have to check some legal aspects before publishing the names of the
> browser which accepted this certificate and the name of the
> ca-certificates with exponent 3 I used in some hours, if nobody tells me
> not to do that. Depending on
Erik Tews writes:
> At least 3 major webbrowsers on the marked are shipped by default with
> CA certificates, which have signed other intermediate CAs which use
> rsa1024 with exponent 3, in their current version. With this exploit,
> you can now sign arbitary server certificates for any website of
Hi
I had an idea very similar to the one Peter Gutmann had this morning. I
managed to write a real world exploit which takes as input:
* an CA-Certificate using 1024 Bit RSA and Exponent 3 (ca-in)
* a Public Key, using an algorithm and size of your choice
(key-in)
and generat