On Friday 23 Apr 2010 00:34:38 Peter Stuge wrote:
> Davide Brini wrote:
> > the serial number is just an (almost) arbitrarily large number. Why
> > would a CA choose such a serial number?
>
> In order to avoid a chosen-prefix collision that works among other
> things by predicting the serial number of certificates generated by
> the CA.
>
> http://www.win.tue.nl/hashclash/rogue-ca/
> https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf

Ah, that is interesting. I haven't seen an MD5 certificate in a long time, but I guess being safe doesn't hurt, as sooner or later SHA might become vulnerable as well (and people should start using the newer, longer SHA-256, etc. hashes anyway - not just for certificates).

Thanks!

--
D.
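
An added example, not part of the original thread: a small Python audit that flags a CA issuance log whose serial numbers advance like a counter (the predictability the quoted reply refers to), next to a serial generator that draws from a CSPRNG. The sample serials, the 64-bit width, the step size and the threshold are all constructed assumptions.

```python
import secrets

# Constructed issuance logs, in issuance order (not real certificates).
COUNTER_LOG = [0x09CFC7, 0x09CFC8, 0x09CFCA, 0x09CFCB, 0x09CFCE]
RANDOM_LOG = [0x5A3F19C2E07B4D81, 0x1C9E44A0B3F7D265,
              0x7E02B6D9154CA83F, 0x33D8F05E6A9B1C47]


def new_random_serial(bits=64):
    """Return a positive serial drawn uniformly from a CSPRNG.

    The 64-bit default is an assumption of this example.
    """
    return secrets.randbelow(2**bits - 1) + 1


def predictable_fraction(serials, max_step=16):
    """Fraction of consecutive issuances where the serial is the previous
    one plus a small positive step, i.e. the CA behaves like a counter."""
    if len(serials) < 2:
        return 0.0
    pairs = list(zip(serials, serials[1:]))
    hits = sum(1 for prev, cur in pairs if 0 < cur - prev <= max_step)
    return hits / len(pairs)


def audit(serials, threshold=0.5, max_step=16):
    """Classify an issuance log.

    'no counter pattern' only rules out the simplest case; it does not
    prove the serials come from a good random source.
    """
    if predictable_fraction(serials, max_step) >= threshold:
        return "predictable"
    return "no counter pattern"


if __name__ == "__main__":
    for name, log in (("counter CA", COUNTER_LOG), ("random CA", RANDOM_LOG)):
        print(f"{name}: {audit(log)} ({predictable_fraction(log):.2f})")
    print(f"fresh serial: {new_random_serial():#x}")
```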