2007 | OriginalPaper | Book chapter
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
Written by: Marc Stevens, Arjen Lenstra, Benne de Weger
Published in: Advances in Cryptology - EUROCRYPT 2007
Publisher: Springer Berlin Heidelberg
We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of $2^{50}$ calls to the MD5 compression function, for any two chosen message prefixes $P$ and $P'$, suffixes $S$ and $S'$ can be constructed such that the concatenated values $P \| S$ and $P' \| S'$ collide under MD5. Although the practical attack potential of this construction of chosen-prefix collisions is limited, it is of greater concern than random collisions for MD5. To illustrate the practicality of our method, we constructed two MD5 based X.509 certificates with identical signatures but different public keys and different Distinguished Name fields, whereas our previous construction of colliding X.509 certificates required identical name fields. We speculate on other possibilities for abusing chosen-prefix collisions. More details than can be included here can be found on www.win.tue.nl/hashclash/ChosenPrefixCollisions/.