Collision Attack
A collision, in cryptography, occurs when two different inputs produce exactly the same hash output.
A collision attack exploits collisions to forge a digital signature.
Used to:
- forge a digital certificate to spoof a trusted website
- make it appear that trojan malware came from a trusted publisher
How it Works
- attacker creates a malicious document and a benign document that produce the same hash value
- attacker submits the benign document for signing by the target
- attacker removes the signature from the benign document and adds it to the malicious document, forging the target’s signature
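The steps above work because a hash-then-sign scheme signs only the digest, not the document. The following added example (not part of the original notes) shows this with a deliberately weak toy hash, SHA-256 truncated to 24 bits, and shows that the same signature transfer fails under full SHA-256. All names, the demo key and the sample documents are constructed, and an HMAC stands in for the signer's private-key signature so the code runs with the standard library only.

```python
import hashlib
import hmac
import itertools

# Constructed demo key: an HMAC stands in for the signer's private-key signature.
SIGNING_KEY = b"constructed-demo-key"

def weak_hash(data: bytes) -> bytes:
    """Deliberately weak toy hash: SHA-256 truncated to 24 bits."""
    return hashlib.sha256(data).digest()[:3]

def strong_hash(data: bytes) -> bytes:
    """Full SHA-256, for which no collisions are known."""
    return hashlib.sha256(data).digest()

def sign(doc: bytes, hash_fn) -> bytes:
    """Hash-then-sign: the signature covers only the digest of the document."""
    return hmac.new(SIGNING_KEY, hash_fn(doc), hashlib.sha256).digest()

def verify(doc: bytes, sig: bytes, hash_fn) -> bool:
    return hmac.compare_digest(sign(doc, hash_fn), sig)

def find_colliding_pair(benign: bytes, altered: bytes, hash_fn):
    """Append counters to both documents until two digests match (birthday search)."""
    seen = {}
    for i in itertools.count():
        suffix = b" #" + str(i).encode()
        seen[hash_fn(benign + suffix)] = benign + suffix
        candidate = altered + suffix
        if hash_fn(candidate) in seen:
            return seen[hash_fn(candidate)], candidate

def demo():
    # Constructed sample documents.
    benign, altered = find_colliding_pair(b"Pay 10 EUR", b"Pay 10000 EUR", weak_hash)
    sig = sign(benign, weak_hash)  # the signer only ever sees the benign document
    return {
        "documents_differ": benign != altered,
        "weak_sig_transfers": verify(altered, sig, weak_hash),
        "strong_sig_transfers": verify(altered, sign(benign, strong_hash), strong_hash),
    }

if __name__ == "__main__":
    print(demo())
```

The defence this illustrates is to sign and verify only with a collision-resistant hash: the signature is exactly as strong as the hash underneath it.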