I want to create a fake certificate for test purposes. I have read about the http://marc-stevens.nl/p/hashclash/index.php project, but I am unable to understand the two files that I have to put as input in order to create the collision attack.

I have created my own CA and SSL X.509 v3 with MD5 encryption and it will be the first file. But what should be the second?

  • This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Cryptography Stack Exchange](http://crypto.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Oct 06 '15 at 17:06
  • Also see [MD5 considered harmful today](https://www.win.tue.nl/hashclash/rogue-ca/). But as far as I know, all modern user agents reject an MD5 signature. It's one of the reasons [CAcert](https://www.cacert.org/) is now a problem. They offer free certificates, but their CA was dropped from nearly all trusted stores due to an MD5 signature on their CA. – jww Oct 06 '15 at 17:10

0 Answers