nanog mailing list archives
Re: SHA1 collisions proven possisble
From: valdis.kletnieks () vt edu
Date: Thu, 23 Feb 2017 15:57:35 -0500
On Thu, 23 Feb 2017 15:03:34 -0500, "Patrick W. Gilmore" said:
For instance, someone cannot take Verisignâs root cert and create a cert which collides on SHA-1. Or at least we do not think they can. Weâll know in 90 days when Google releases the code.
From the announce:
"It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file." So they're able to craft two objects that collide to the same unpredictable hash, but *not* produce an object that collides to a pre-specified hash.
Attachment:
_bin
Description:
Current thread:
- SHA1 collisions proven possisble Grant Ridder (Feb 23)
- Re: SHA1 collisions proven possisble Ca By (Feb 23)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Ricky Beam (Feb 23)
- Re: SHA1 collisions proven possisble J. Hellenthal (Feb 23)
- Re: SHA1 collisions proven possisble Royce Williams (Feb 23)
- Re: SHA1 collisions proven possisble Richard Hesse (Feb 25)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 25)
- Re: SHA1 collisions proven possisble Randy Bush (Feb 26)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Jon Lewis (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- Re: SHA1 collisions proven possisble Vincent Bernat (Feb 24)
- Re: SHA1 collisions proven possisble Ca By (Feb 23)