i don't understand how one can create a rough Certificate just by making a MD5 collision. Even if you were able to find another string whose hash matches the original how would you sign it ? You do not have access to the Certificate authority's private key ?
Asked
Active
Viewed 287 times
2
-
3if the hash is the same then the signature is the same. There is no need to sign anything, just copy the original signature over. – President James K. Polk Jan 14 '11 at 00:03
-
See http://stackoverflow.com/questions/1224113/examples-of-hash-collisions for answers – Bruno Rohée Sep 19 '13 at 13:12