cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Mark Lipscombe <mark AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: two possible MD5 hashed certificates in a chain
- Date: Wed, 16 Dec 2009 19:55:21 -0800
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert
dieter.hennig AT id.ethz.ch wrote:
> Dear all,
> In reference to the two CAcert root certificates, both hashed by the
> MD5-algorithm, I would like to ask you to please follow instructions as seen
> below:
> http://wiki.cacert.org/Brain/Study/Bug665
> since the chain which can be constructed from two CAcert provided certificates
> hashed both in the MD5 form appears quite vulnerable.
Looking at the certificates currently being issued, these seem to all be SHA-1 signed, not MD5.
Assuming we no longer sign certificates with MD5, can someone explain how it would be possible to use CAcert's roots for the exploit described? Correct me if I'm wrong, but my understanding is you need to be able to generate a collision on the "to be signed" part of the data. If the CA no longer signs with MD5 then, by extension, generating that collision becomes impossible, right?
Threads on mozilla.dev.tech.crypto seem to reinforce this:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/cf067e974858556/d827f96230319e03?lnk=gst&q=md5#d827f96230319e03
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/edaf97f51f41f5e7/6c42d7ef13c5d8f6?lnk=gst&q=md5#6c42d7ef13c5d8f6
Regards,
Mark
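
The check described in the message above, looking at which hash a certificate's signature uses, as an added example (not part of the original message and not CAcert's own tooling): it reads the outer signatureAlgorithm field of DER certificates with only the Python standard library. The function names and sample inputs are assumptions; the samples are constructed skeletons, not real certificates.

```python
# Added example: report which certificates carry an MD5-based signature.
SIG_OIDS = {  # DER-encoded OID bodies -> names
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",   # 1.2.840.113549.1.1.4
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",  # 1.2.840.113549.1.1.5
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def signature_algorithm(cert_der):
    """Name (or hex OID if unknown) of the algorithm the issuer signed with."""
    tag, cert, _ = read_tlv(cert_der)        # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert)               # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)    # signatureAlgorithm
    oid_tag, oid, _ = read_tlv(alg)          # algorithm OID
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 Certificate structure")
    return SIG_OIDS.get(oid, oid.hex())

def md5_signed(certs):
    """Labels in {label: der_bytes} whose signature algorithm is MD5-based."""
    return [k for k, d in certs.items() if signature_algorithm(d).startswith("md5")]

# Constructed skeletons (zero-filled TBS and signature), not real certificates.
def _der(tag, body):
    n = len(body)                            # every body here is shorter than 256 bytes
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def _skeleton(last_oid_byte):
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_oid_byte])
    alg = _der(0x30, _der(0x06, oid) + b"\x05\x00")
    return _der(0x30, _der(0x30, bytes(200)) + alg + _der(0x03, bytes(9)))

SAMPLE = {"old-cert": _skeleton(4), "new-cert": _skeleton(5)}

if __name__ == "__main__":
    print("MD5-signed:", md5_signed(SAMPLE))
```

To run it on a real certificate, convert the PEM file to DER first and pass the raw bytes to `signature_algorithm`.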