[cryptography] Microsoft Sub-CA used in malware signing
Weger, B.M.M. de
b.m.m.d.weger at TUE.nl
Sun Jun 10 16:59:02 EDT 2012
> * Marsh Ray:
> > Marc Stevens and B.M.M. de Weger (of
> > http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
> > collision in the evil CN=MS cert. I'm sure they'll have a full report
> > at some point. Until then, they have said this:
> >> [We] have confirmed that flame uses a yet unknown md5 chosen-prefix
> >> collision attack.
> Does this mean they've seen the original certificate in addition to
> the evil twin?
No, we've only seen the 'evil twin'. That was sufficient for Marc
to arrive at this conclusion.
For the sake of fairness I would like to add that both the development
of the 'forensic tool', and the discovery of the 'yet unknown attack'
by analyzing the results of applying that tool to the 'evil' certificate,
were entirely Marc's work.
Benne de Weger
More information about the cryptography