[openssl-users] Rejecting SHA-1 certificates
me at kelunik.com
Wed Jul 12 12:24:57 UTC 2017
2017-07-12 8:35 GMT+02:00 Wouter Verhelst <wouter.verhelst at fedict.be>:
> On 11-07-17 23:44, Salz, Rich via openssl-users wrote:
> >> It's very well worth the effort, otherwise there's a security issue,
> >> because certificates can be forged.
> > No they cannot.
> > What *has* been done is a document was created with "weak spots" and
> > another document was created that changed those weak spots, but the digest
> > was the same.
> Correct me if I'm wrong, but wasn't the MD5 certificate hack presented
> back at 25C3 based on exactly that scenario? They used the serial number
> and timestamp or some other such thing (don't recall the details) as
> weak spots and then sent loads of certificate requests to the CA to
> effectively brute-force it.
> (Of course, CAs are now required to randomize their serial number, so
> since that particular attack isn't possible anymore, I agree that for
> the time being it's still not a feasible scenario for SHA1, but hey)
Maybe not currently for SHA-1, but maybe for MD5?
Also not sure whether you can use these old certificates with weak serials
and change the date as well there?
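The two properties this exchange turns on, which hash signed the certificate and whether the serial is large enough to have been randomized, are exactly what a strict verifier can check before trusting a chain. Below is an added, stdlib-only Python example (not code from the thread or from OpenSSL) that parses just those fields out of DER and reports why a certificate would be rejected; the certificate bytes are a cert-shaped DER constructed inline for testing, and the 64-bit serial threshold is the CA/B Forum Baseline Requirements minimum, used as a crude stand-in for a real entropy check.

```python
# Added example (not from the thread): reject certificates signed with MD5/SHA-1
# or carrying a short, likely non-random serial, using stdlib-only DER parsing.
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # sha1WithRSAEncryption, 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption, 1.2.840.113549.1.1.11
WEAK_SIGNATURE_OIDS = {
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",   # 1.2.840.113549.1.1.4
    SHA1_RSA: "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1",           # 1.2.840.10045.4.1
}
MIN_SERIAL_BITS = 64  # CA/B Forum Baseline Requirements: at least 64 bits of serial entropy

def _tlv(buf, pos):
    """Decode one DER element at pos -> (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits give the size of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def inspect_certificate(der):
    """Return (serial bit length, signature algorithm OID bytes) of a DER Certificate."""
    _, cert, _ = _tlv(der, 0)                  # Certificate ::= SEQUENCE
    _, tbs, after_tbs = _tlv(cert, 0)          # tbsCertificate
    tag, _, pos = _tlv(tbs, 0)                 # optional [0] EXPLICIT version
    if tag != 0xA0:
        pos = 0                                # v1 certificate: serialNumber comes first
    tag, serial, _ = _tlv(tbs, pos)            # CertificateSerialNumber ::= INTEGER
    if tag != 0x02:
        raise ValueError("malformed tbsCertificate: serialNumber is not an INTEGER")
    _, sig_alg, _ = _tlv(cert, after_tbs)      # outer signatureAlgorithm
    _, oid, _ = _tlv(sig_alg, 0)               # AlgorithmIdentifier.algorithm
    return int.from_bytes(serial, "big", signed=True).bit_length(), oid

def rejection_reason(der):
    """None when the certificate passes both checks, else why a strict verifier rejects it."""
    serial_bits, oid = inspect_certificate(der)
    if oid in WEAK_SIGNATURE_OIDS:
        return f"weak signature algorithm {WEAK_SIGNATURE_OIDS[oid]}"
    if serial_bits < MIN_SERIAL_BITS:
        return f"serial number has only {serial_bits} bits (possibly predictable)"
    return None

def _enc(tag, body):                           # short-form length; test bodies stay < 128 bytes
    return bytes([tag, len(body)]) + body
def build_sample(serial, sig_oid, v3=True):
    """Constructed test input: a cert-shaped DER holding only the fields read above."""
    alg = _enc(0x30, _enc(0x06, sig_oid))
    ser = _enc(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    tbs = _enc(0x30, (_enc(0xA0, _enc(0x02, b"\x02")) if v3 else b"") + ser + alg)
    return _enc(0x30, tbs + alg + _enc(0x03, b"\x00"))   # empty BIT STRING signature
```

On a real certificate the same two fields are what `openssl x509 -text` prints as "Signature Algorithm" and "Serial Number", so the parser can be pointed at DER from any chain you already trust or distrust.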