Colliding X.509 Certificates
نویسندگان
چکیده
With this construction we show that MD5 collisions can be crafted easily in such a way that the principles underlying the trust in Public Key Infrastructure are violated. In particular we find it worrying that from one certificate alone it cannot be determined whether another, different certificate may exist with the same signature. For the second certificate the issuing Certification Authority may not have been able to verify “proof of possession” of the private key. Therefore, a relying party using a public key certificate based on MD5 can not be certain that the alleged certificate owner is indeed in possession of the corresponding private key.
منابع مشابه
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of 2 calls to the MD5 compression function, for any two chosen message prefixes P and P ′, suffixes S and S′ can be constructed such that the concatenated values P‖S and P ′‖S′ collide under MD5. Although the practical attack potential of this construction o...
متن کاملTarget Collisions for MD5 and Colliding X.509 Certificates for Different Identities
We have shown how, at a cost of about 2 calls to the MD5 compression function, for any two target messages m1 and m2, values b1 and b2 can be constructed such that the concatenated values m1‖b1 and m2‖b2 collide under MD5. Although the practical attack potential of this construction of target collisions is limited, it is of greater concern than random collisions for MD5. In this note we sketch ...
متن کاملOn the possibility of constructing meaningful hash collisions for public keys full version, with an appendix on colliding X.509 certificates
It is sometimes argued (as in [6]) that finding meaningful hash collisions might prove difficult. We show that at least one of the arguments involved is wrong, by showing that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed in [22]. We p...
متن کاملLecture Notes in Computer Science 4515
We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of 2 calls to the MD5 compression function, for any two chosen message prefixes P and P ′, suffixes S and S′ can be constructed such that the concatenated values P‖S and P ′‖S′ collide under MD5. Although the practical attack potential of this construction o...
متن کاملA Java API for X.509 Proxy Certificates
X.509 Proxy Certificates have been proposed for use in the Grid Security Infrastructure to allow dynamic delegation of rights and single sign-on for end users. We have evaluated proxy certificates to secure a service-oriented architecture for digital content based on Web Services. We describe how support for proxy certificates was implemented in Java through extensions to the Java Cryptography ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2005 شماره
صفحات -
تاریخ انتشار 2005