[cabfpub] A better way to do SHA-1 legacy
Gervase Markham
gerv at mozilla.org
Tue Jul 19 14:53:40 UTC 2016
On 19/07/16 15:44, Erwann Abalea wrote:
> There’s no need to collide SHA2 with this scheme.
> The attacker can know in advance what the serial number will be; it may
> not be sequential, but is nevertheless predictable. So the attacker
But the attacker can only know the serial number when the entire
remainder of the certificate is fixed. So how can they tweak it to
enable the attack? If they tweak it, the serial number changes.
Gerv
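To make the point Gerv is arguing concrete, here is an added illustration that is not part of the thread. It assumes the scheme under discussion derives the certificate serial number from a SHA-256 hash of every other field of the tbsCertificate; the field names, the length-prefixed encoding (a stand-in for DER) and the sample values are all constructed for the example.

```python
import hashlib
import struct

# Constructed toy tbsCertificate fields. A real certificate is DER-encoded
# ASN.1; this dictionary only stands in for "the remainder of the certificate".
SAMPLE_TBS = {
    "version": "v3",
    "signature": "sha1WithRSAEncryption",
    "issuer": "CN=Example Legacy CA",
    "validity": "2016-07-19T00:00:00Z/2017-07-19T00:00:00Z",
    "subject": "CN=device.example.test",
    "spki": "RSA:constructed-public-key-bytes",
    "extensions": "keyUsage=digitalSignature",
}


def encode_tbs_without_serial(fields):
    """Deterministic, length-prefixed encoding of every field except the serial.

    Sorting the field names makes the encoding canonical, so the same content
    always hashes to the same value regardless of dictionary insertion order.
    """
    out = bytearray()
    for name in sorted(fields):
        if name == "serial":
            continue
        key = name.encode()
        val = str(fields[name]).encode()
        out += struct.pack(">H", len(key)) + key
        out += struct.pack(">H", len(val)) + val
    return bytes(out)


def derive_serial(fields, length=20):
    """Serial = SHA-256 over the rest of the tbsCertificate, truncated to `length` octets.

    The top bit of the first octet is cleared so the ASN.1 INTEGER stays positive
    and the first octet is forced nonzero, mirroring the usual constraints on
    serial numbers (assumed here, not taken from the thread).
    """
    digest = hashlib.sha256(encode_tbs_without_serial(fields)).digest()[:length]
    first = (digest[0] & 0x7F) or 0x01
    return bytes([first]) + digest[1:]


def issue(fields):
    """Issue a certificate: the serial is fixed only once all other fields are fixed."""
    cert = dict(fields)
    cert["serial"] = derive_serial(fields)
    return cert


def serial_matches_content(cert):
    """Verifier-side check: does the serial still correspond to the content it carries?"""
    return cert.get("serial") == derive_serial(cert)


def serial_changes_on_tweak(fields, field, new_value):
    """True if altering a single field would alter the serial (Gerv's argument)."""
    tweaked = dict(fields)
    tweaked[field] = new_value
    return derive_serial(fields) != derive_serial(tweaked)


if __name__ == "__main__":
    cert = issue(SAMPLE_TBS)
    print("serial:", cert["serial"].hex())
    print("tweaking an extension changes the serial:",
          serial_changes_on_tweak(SAMPLE_TBS, "extensions",
                                  "keyUsage=digitalSignature,keyCertSign"))
```

Because the serial is a function of everything else in the certificate, any adjustment an attacker makes to the other fields moves the serial along with it, which is exactly why the content cannot be tuned against a serial known in advance under this assumption.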