Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities

M.M.J. Stevens, A.K. Lenstra, B.M.M. Weger, de

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

103 Citations (Scopus)

Abstract

We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of 250 calls to the MD5 compression function, for any two chosen message prefixes P and P', suffixes S and S' can be constructed such that the concatenated values P||S and P'||S' collide under MD5. Although the practical attack potential of this construction of chosen-prefix collisions is limited, it is of greater concern than random collisions for MD5. To illustrate the practicality of our method, we constructed two MD5 based X.509 certificates with identical signatures but different public keys and different Distinguished Name fields, whereas our previous construction of colliding X.509 certificates required identical name fields. We speculate on other possibilities for abusing chosen-prefix collisions. More details than can be included here can be found on www.win.tue.nl/hashclash/ChosenPrefixCollisions/ .
Original languageEnglish
Title of host publicationProceedings of the 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2007) 20-24 May 2007, Barcelona, Spain
EditorsM. Naor
Place of PublicationBerlin, Germany
PublisherSpringer
Pages1-22
ISBN (Print)978-3-540-72539-8
DOIs
Publication statusPublished - 2007
Event26th Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2007) - Barcelona, Spain
Duration: 20 May 200724 May 2007
Conference number: 26

Publication series

NameLecture Notes in Computer Science
Volume4515
ISSN (Print)0302-9743

Conference

Conference26th Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2007)
Abbreviated titleEurocrypt 2007
CountrySpain
CityBarcelona
Period20/05/0724/05/07

Fingerprint Dive into the research topics of 'Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities'. Together they form a unique fingerprint.

Cite this