Hi Florian, > * Marsh Ray: > > > Marc Stevens and B.M.M. de Weger (of > > http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the > > collision in the evil CN=MS cert. I'm sure they'll have a full report > > at some point. Until then, they have said this: > > >> [We] have confirmed that flame uses a yet unknown md5 chosen-prefix > >> collision attack. > > Does this mean they've seen the original certificate in addition to > the evil twin?
No, we've only seen the 'evil twin'. That was sufficient for Marc to arrive at this conclusion. For the sake of fairness I would like to add that both the development of the 'forensic tool', and the discovery of the 'yet unknown attack' by analyzing the results of applying that tool to the 'evil' certificate, were entirely Marc's work. Grtz, Benne de Weger _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography