I think what you said is correct... until an attacker figures out a way to violate it by changing some subtle assumption.
For example, before Dec 2008 it was generally believed that a cert signature forgery would require a second preimage attack. Then Stevens et al. proved that under the right circumstances it could be done using collisions only.
Say, did you know some X.509 PKI entities keep the same keypair going indefinitely by reusing the same one every time they renew?