Welcome to the resource topic for 2006/360
Title:
Target Collisions for MD5 and Colliding X.509 Certificates for Different Identities
Authors: Marc Stevens, Arjen Lenstra, Benne de Weger
Abstract:We have shown how, at a cost of about 2^{52} calls to the MD5 compression function, for any two target messages m_1 and m_2, values b_1 and b_2 can be constructed such that the concatenated values m_1\|b_1 and m_2\|b_2 collide under MD5. Although the practical attack potential of this construction of \emph{target collisions} is limited, it is of greater concern than random collisions for MD5. In this note we sketch our construction. To illustrate its practicality, we present two MD5 based X.509 certificates with identical signatures but different public keys \emph{and} different Distinguished Name fields, whereas our previous construction of colliding X.509 certificates required identical name fields. We speculate on other possibilities for abusing target collisions.
ePrint: https://eprint.iacr.org/2006/360
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .