Thanks for the detailed declaration. I did not consider that the serialNumber
is in the very first block of hash input.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On 06/04/2019 03.01, Lijun Liao via dev-security-policy wrote:
> 5. Related to how the MD5 attacks you might be right. But theoretically,
> and also in practice, if you have enough bits to play and the hash
> algorithm is not cryptographically secure, you can find a collision with
> less
Liao
> via dev-security-policy
> Sent: Friday, April 05, 2019 11:44 AM
> Cc: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Entropy of certificate serial number
>
> With random serial numbers an adversary does not even need to guess the
> serial number.
>
> Conside
Subject: Re: Entropy of certificate serial number
With random serial numbers an adversary does not even need to guess the
serial number.
Consider the following attack, the adversary finds a certificate with weak
hash algorithm. He adds his host to the SAN field, then he tries to find
out a positive se
With random serial numbers an adversary does not even need to guess the
serial number.
Consider the following attack, the adversary finds a certificate with weak
hash algorithm. He adds his host to the SAN field, then he tries to find
out a positive serial number up to 20 octets which results in
Hi Lijun,
Entropy is required in serial numbers to protect against weak hash
functions -- historically exploitation of MD5's weakness was possible
because CAs used sequential serial numbers, thus allowing an attacker to
pre-compute hash prefixes, because they could predict future data that
would
In the last days, the issue related to the 63 bit serial number by using
the default configuration of EJBCA poped up in many forums.
Could someone please explain why the BR requires the minimal entropy to be
64 bit?
Best regards
Lijun
___
7 matches
Mail list logo