Paper 2019/130

Are Certificate Thumbprints Unique?

Greg Zaverucha and Dan Shumow


A certificate thumbprint is a hash of a certificate, computed over all certificate data and its signature. Thumbprints are used as unique identifiers for certificates, in applications when making trust decisions, in configuration files, and displayed in interfaces. In this paper we show that thumbprints are not unique in two cases. First, we demonstrate that creating two X.509 certificates with the same thumbprint is possible when the hash function is weak, in particular when chosen-prefix collision attacks are possible. This type of collision attack is now practical for MD5, and expected to be practical for SHA-1 in the near future. Second, we show that certificates may be mauled in a way that they remain valid, but that they have different thumbprints. While these properties may be unexpected, we believe the scenarios where this could lead to a practical attack are limited and require very sophisticated attackers. We also checked the thumbprints of a large dataset of certificates used on the Internet, and found no evidence that would indicate thumbprints of certificates in use today are not unique.

Note: Updated with reference to CVE-2019-1715.

Available format(s)
Cryptographic protocols
Publication info
Preprint. Minor revision.
Certificateskey managementsignaturescertificate thumbprints
Contact author(s)
gregz @ microsoft com
danshu @ microsoft com
2019-10-03: revised
2019-02-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Greg Zaverucha and Dan Shumow},
      title = {Are Certificate Thumbprints Unique?},
      howpublished = {Cryptology ePrint Archive, Paper 2019/130},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.