Paper 2019/130

Are Certificate Thumbprints Unique?

Greg Zaverucha and Dan Shumow

Abstract

A certificate thumbprint is a hash of a certificate, computed over all certificate data and its signature. Thumbprints are used as unique identifiers for certificates: by applications when making trust decisions, in configuration files, and in user interfaces where they are displayed. In this paper we show that thumbprints are not unique in two cases. First, we demonstrate that creating two X.509 certificates with the same thumbprint is possible when the hash function is weak, in particular when chosen-prefix collision attacks are possible. This type of collision attack is now practical for MD5, and expected to be practical for SHA-1 in the near future. Second, we show that certificates may be mauled in such a way that they remain valid but have different thumbprints. While these properties may be unexpected, we believe the scenarios where this could lead to a practical attack are limited and require very sophisticated attackers. We also checked the thumbprints of a large dataset of certificates used on the Internet, and found no evidence that would indicate thumbprints of certificates in use today are not unique.

Note: Updated with reference to CVE-2019-1715.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Certificates, key management, signatures, certificate thumbprints
Contact author(s)
gregz @ microsoft com
danshu @ microsoft com
History
2019-10-03: revised
2019-02-13: received
Short URL
https://ia.cr/2019/130
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/130,
      author = {Greg Zaverucha and Dan Shumow},
      title = {Are Certificate Thumbprints Unique?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/130},
      year = {2019},
      url = {https://eprint.iacr.org/2019/130}
}