Can create a cert with no serial number?
Job Cacka
job at ccbox.com
Thu Jun 1 17:38:51 UTC 2023
It is from something I read once. Now, I think it might have been in a different context than PKI. It also is probably related to collisions in older hashing algorithms. When I search I only get results about restricting passwords from brute force attacks so I am either mistaken or my Google ability is off today.
Thanks,
-----Original Message-----
From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Michael Wojcik via openssl-users
Sent: Thursday, June 1, 2023 9:06 AM
To: openssl-users at openssl.org
Subject: RE: Can create a cert with no serial number?
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
> Job Cacka
> Sent: Thursday, 1 June, 2023 09:01
> Intentionally repeating characters in a hash is a great way to provide the hash to be broken.
"great" here is a rather bold claim.
If repeating a few characters in the Subject DN makes any appreciable difference in the work factor for a second-preimage attack on your certificate signatures, you have much bigger problems.
> As I recall there is something about repeating a character more than 3
> times consecutively that decreases the effectiveness of the hash.
Citation needed.
--
Michael Wojcik
More information about the openssl-users
mailing list