funsec mailing list archives
Re: Fake CA MD5 questions
From: Valdis.Kletnieks () vt edu
Date: Tue, 30 Dec 2008 20:27:07 -0500
On Tue, 30 Dec 2008 16:29:11 PST, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" said:
> First, you need 5 CAs that use MD5 hashes. How many do that?
You got that backwards. They found five, only need one.
> Is this attack effective against SHA-1? How much longer would it take?
http://www.win.tue.nl/hashclash/rogue-ca/
Read 5.3.4 for MD5:
    The total complexity of the collision construction can be estimated at 2^51.x MD5 compression function calls, when 30 GB of memory is available.
And the FAQ for SHA-1:
    Status of the theory: at the Rump Session of Crypto 2007 they estimated the complexity of their attack for collisions with identical initial IHVs to be 2^61 calls to the compression function. For chosen-prefix collisions they estimated in 2006 a complexity of just below the birthday bound of 2^80. Improvements on the latter result are probably possible, but nobody has looked into this.
So... an order of 2^10 harder.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.