Can create a cert with no serial number?

Job Cacka job at
Thu Jun 1 17:38:51 UTC 2023

It is from something I read once. Now, I think it might have been in a different context than PKI. It also is probably related to collisions in older hashing algorithms. When I search I only get results about restricting passwords from brute force attacks so I am either mistaken or my Google ability is off today. 

-----Original Message-----
From: openssl-users <openssl-users-bounces at> On Behalf Of Michael Wojcik via openssl-users
Sent: Thursday, June 1, 2023 9:06 AM
To: openssl-users at
Subject: RE: Can create a cert with no serial number?

> From: openssl-users <openssl-users-bounces at> On Behalf Of 
> Job Cacka
> Sent: Thursday, 1 June, 2023 09:01

> Intentionally repeating characters in a hash is a great way to provide the hash to be broken.

"great" here is a rather bold claim.

If repeating a few characters in the Subject DN makes any appreciable difference in the work factor for a second-preimage attack on your certificate signatures, you have much bigger problems.

> As I recall there is something about repeating a character more than 3 
> times consecutively that decreases the effectiveness of the hash.

Citation needed.

Michael Wojcik

More information about the openssl-users mailing list