[cryptography] Microsoft Sub-CA used in malware signing
fw at deneb.enyo.de
Sun Jun 10 16:03:07 EDT 2012
* Marsh Ray:
> Marc Stevens and B.M.M. de Weger (of
> http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
> collision in the evil CN=MS cert. I'm sure they'll have a full report
> at some point. Until then, they have said this:
>> [We] have confirmed that flame uses a yet unknown md5 chosen-prefix
>> collision attack.
Does this mean they've seen the original certificate in addition to
the evil twin?
Until then, there is another explanation besides an advance in
cryptanalysis. Just saying. 8-)
More information about the cryptography