Paper 2019/130
Are Certificate Thumbprints Unique?
Greg Zaverucha and Dan Shumow
Abstract
A certificate thumbprint is a hash of a certificate, computed over all certificate data and its signature. Thumbprints are used as unique identifiers for certificates, in applications when making trust decisions, in configuration files, and displayed in interfaces. In this paper we show that thumbprints are not unique in two cases. First, we demonstrate that creating two X.509 certificates with the same thumbprint is possible when the hash function is weak, in particular when chosen-prefix collision attacks are possible. This type of collision attack is now practical for MD5, and expected to be practical for SHA-1 in the near future. Second, we show that certificates may be mauled in a way that they remain valid, but that they have different thumbprints. While these properties may be unexpected, we believe the scenarios where this could lead to a practical attack are limited and require very sophisticated attackers. We also checked the thumbprints of a large dataset of certificates used on the Internet, and found no evidence that would indicate thumbprints of certificates in use today are not unique.
Note: Updated with reference to CVE-2019-1715.
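As an added illustration of the abstract's definition (not code from the paper, and not the authors' mauling technique), the sketch below hashes a DER encoding twice: once over the whole structure, which is the thumbprint, and once over the signed tbsCertificate only, then reports encodings that share signed content but differ in thumbprint. The function names are hypothetical, the samples are constructed toy structures rather than real certificates, and no signature is verified.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos=0):
    """Parse one DER tag-length-value at pos; return (tag, value, end offset)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: low 7 bits = number of length octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one DER TLV (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value

def fingerprints(cert_der, algo="sha256"):
    """Return (thumbprint over the whole encoding, hash over tbsCertificate only)."""
    tag, body, end = read_tlv(cert_der)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    _, _, tbs_end = read_tlv(body)        # first element is tbsCertificate
    return (hashlib.new(algo, cert_der).hexdigest(),
            hashlib.new(algo, body[:tbs_end]).hexdigest())

def variants(certs, algo="sha256"):
    """Map tbs hash -> sorted thumbprints, keeping only entries with more than one."""
    seen = defaultdict(set)
    for der in certs:
        thumb, tbs = fingerprints(der, algo)
        seen[tbs].add(thumb)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed samples: toy structures with placeholder bytes, not real certificates.
TBS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x0C, b"constructed subject"))
ALG = tlv(0x30, tlv(0x06, b"\x2a\x03"))  # placeholder OID
CERT_A = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xaa" * 8))
CERT_B = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\xbb" * 8))
```

A non-empty result from `variants` means an allow list or block list keyed on thumbprints alone would treat those encodings as unrelated certificates.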
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- Certificates, key management, signatures, certificate thumbprints
- Contact author(s)
- gregz @ microsoft com
- danshu @ microsoft com
- History
- 2019-10-03: revised
- 2019-02-13: received
- Short URL
- https://ia.cr/2019/130
- License
- CC BY
BibTeX
@misc{cryptoeprint:2019/130,
  author = {Greg Zaverucha and Dan Shumow},
  title = {Are Certificate Thumbprints Unique?},
  howpublished = {Cryptology {ePrint} Archive, Paper 2019/130},
  year = {2019},
  url = {https://eprint.iacr.org/2019/130}
}