|Applies To||RSA Certificate Manager 6.8|
RSA Certificate Manager (RCM)
Message-Digest Algorithm (MD5)
|Issue||Does RCM have any vulnerabilites by using MD5 for referencing objects in the administration console?|
All certificates used in RCM use the MD5 number for reference
Web sites regarding MD5 vulnerability:
|Resolution||Using the MD5 hash as a reference number for the certificates created will not cause any vunerability due to weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash known as an MD5 "collision".|
Since RCM only uses the MD5 hash as a reference number for the nameing of object in the database, there is no trust chain to exploit as shown with the recent MD5 vunerability.
For information on the MD5 vunerability with Root CAs, see solution What algorithm does RCM used to sign the certificates? .
|Legacy Article ID||a44051|