2009
DOI: 10.1007/978-3-642-03356-8_4
|View full text |Cite
|
Sign up to set email alerts
|

Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate

Abstract: Abstract. We present a refined chosen-prefix collision construction for MD5 that allowed creation of a rogue Certification Authority (CA) certificate, based on a collision with a regular end-user website certificate provided by a commercial CA. Compared to the previous construction from Eurocrypt 2007, this paper describes a more flexible family of differential paths and a new variable birthdaying search space. Combined with a time-memory trade-off, these improvements lead to just three pairs of near-collision… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
2

Citation Types

0
76
0

Year Published

2010
2010
2018
2018

Publication Types

Select...
7
1

Relationship

0
8

Authors

Journals

citations
Cited by 124 publications
(80 citation statements)
references
References 8 publications
0
76
0
Order By: Relevance
“…Thus it is not surprising that with time, attacks against practical hash functions are usually found that drastically lower the bounds assumed in theory. Many attacks have been presented for MD5 [25,23,21], and also for SHA-1 [13] first attacks have been published [24,7,1,6]. This, in turn, led NIST (National Institute of Standards and Technology) to hold a competition to find a successor to the SHA-1 and SHA-2 families [14].…”
Section: Introductionmentioning
confidence: 99%
“…Thus it is not surprising that with time, attacks against practical hash functions are usually found that drastically lower the bounds assumed in theory. Many attacks have been presented for MD5 [25,23,21], and also for SHA-1 [13] first attacks have been published [24,7,1,6]. This, in turn, led NIST (National Institute of Standards and Technology) to hold a competition to find a successor to the SHA-1 and SHA-2 families [14].…”
Section: Introductionmentioning
confidence: 99%
“…Thus, attacks inside a secured channel can not be realized. However, the SSL/TLS protocol is prone to MITM attacks [25,26]. The attacker intercepts packets between the client and the server to establish two encrypted connections: 1) a connection between the client and the attacker and 2) a connection between the attacker and the server.…”
Section: And P Ms:m S = Genkey(r C R S P Ms)mentioning
confidence: 99%
“…The attacker intercepts packets between the client and the server to establish two encrypted connections: 1) a connection between the client and the attacker and 2) a connection between the attacker and the server. The attacker generates its own public key and modifies the original certificate to trick the user/client, which is even possible without a capability for the user to notice the attack [25]. By doing this, the attacker can read the traffic of the secured connection between the client and the server.…”
Section: And P Ms:m S = Genkey(r C R S P Ms)mentioning
confidence: 99%
See 1 more Smart Citation
“…In the current work, we study Montgomery modular multiplication on the Cell Broadband Engine (Cell). The Cell is an heterogeneous processor and has been used as a cryptographic accelerator [5,6,7,8] as well as for cryptanalysis [9,10].…”
Section: Introductionmentioning
confidence: 99%