[cryptography] Microsoft Sub-CA used in malware signing

Weger, B.M.M. de b.m.m.d.weger at TUE.nl
Sun Jun 10 16:59:02 EDT 2012

Hi Florian,

> * Marsh Ray:
> > Marc Stevens and B.M.M. de Weger (of
> > http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
> > collision in the evil CN=MS cert. I'm sure they'll have a full report
> > at some point. Until then, they have said this:
> >> [We] have confirmed that flame uses a yet unknown md5 chosen-prefix
> >> collision attack.
> Does this mean they've seen the original certificate in addition to
> the evil twin?

No, we've only seen the 'evil twin'. That was sufficient for Marc
to arrive at this conclusion.

For the sake of fairness I would like to add that both the development 
of the 'forensic tool', and the discovery of the 'yet unknown attack' 
by analyzing the results of applying that tool to the 'evil' certificate,
were entirely Marc's work. 

Benne de Weger
