[nycbug-talk] [ccc related] MD5 considered harmful today

Charles Sprickman spork at bway.net
Tue Dec 30 20:07:04 EST 2008

Alex has some good timing.

I was reading this:


It's long and complicated, and I got lost after the basic "how to make 
a hash" section, but this bit should pique anyone's interest:

The potential of this attack scenario is even greater than just obtaining 
a rogue certificate for a single secure website. This is because our rogue 
certificate doesn't have to be a website certificate, but it could be an 
intermediary CA certificate. Although the certificate originally signed by 
the real CA has in the "basic constraints" field the flag "CA = FALSE", 
indicating that this certificate cannot be used to validate other 
certificates in a certificate chain, our rogue certificate has the same 
flag set to "CA = TRUE". We are in possession of the private key 
corresponding to the public key in this rogue CA certificate. As a result 
we are able to issue any number of certificates to anybody we choose, and 
they will be recognized as valid certificates by anybody trusting the real 
CA, which is all Internet users using one of the common web browsers.


More information about the talk mailing list