nanog mailing list archives
Re: SHA1 collisions proven possible
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Thu, 23 Feb 2017 21:16:12 -0500
On Feb 23, 2017, at 9:08 PM, valdis.kletnieks () vt edu wrote:
> On Thu, 23 Feb 2017 20:56:28 -0500, "Patrick W. Gilmore" said:
>
>> According to the blog post, you can create two documents which have the same hash, but you do not know what that hash is until the algorithm finishes. You cannot create a document which matches a pre-existing hash, i.e. the one in the signed doc.
>
> You missed the point. I generate *TWO* documents, with different terms but the same hash. I don't care if it matches anything else's hash, as long as these two documents have the same hash. I get you to sign the hash on the *ONE* document I present to you that is favorable to you. I then take your signature and transfer it to the *OTHER* document.
>
> No, I can't create a collision to a document you produced, or do anything to a document you already signed. But if I'm allowed to take it and make "minor formatting changes", or if I can just make sure I have the last turn in the back-and-forth negotiating... because the problem is if I can get you to sign a plaintext of my choosing….
I did miss the point. Thanks for setting me straight.

A couple things will make this slightly less useful for the attacker:

1) How many people are not going to keep a copy? Once both docs are found to have the same hash, well, game over.

2) The headers will be very strange indeed. The way this works is Google twiddled with the headers to make them look the same. That is probably pretty obvious if you look for it.

Oh, and third: Everyone should stop using SHA-1 anyway. :-)

--
TTFN,
patrick
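Added example, not part of the original message: a sketch of the two-document scenario discussed above, showing why a signature over a collision-prone digest also verifies on the second document, why a retained copy exposes the swap, and why a collision-resistant hash stops the transfer. Assumptions: `toy_digest` is SHA-1 truncated to 24 bits so a brute-force birthday search finishes instantly (this is not the technique from the blog post), an HMAC stands in for the signature, and all documents and keys are constructed.

```python
import hashlib
import hmac
import itertools

def toy_digest(doc: bytes) -> bytes:
    """Constructed weak hash: SHA-1 truncated to 24 bits so collisions are cheap."""
    return hashlib.sha1(doc).digest()[:3]

def strong_digest(doc: bytes) -> bytes:
    """Collision-resistant alternative used for comparison."""
    return hashlib.sha256(doc).digest()

def sign(key: bytes, doc: bytes, digest_fn) -> bytes:
    """Stand-in for a signature: only the document's digest is authenticated."""
    return hmac.new(key, digest_fn(doc), hashlib.sha256).digest()

def verify(key: bytes, doc: bytes, sig: bytes, digest_fn) -> bool:
    return hmac.compare_digest(sign(key, doc, digest_fn), sig)

def colliding_pair(doc_a: bytes, doc_b: bytes):
    """Birthday search: vary trailing filler until a variant of doc_a and a
    variant of doc_b share the same toy digest (about 2**12 tries for 24 bits)."""
    seen = {}
    for n in itertools.count():
        filler = b" <!-- %d -->" % n
        seen[toy_digest(doc_a + filler)] = doc_a + filler
        candidate = doc_b + filler
        if toy_digest(candidate) in seen:
            return seen[toy_digest(candidate)], candidate

def demo() -> dict:
    key = b"constructed signer key"
    # Both documents are prepared by the same party before anything is signed.
    shown, swapped = colliding_pair(b"Price: 100 USD", b"Price: 900 USD")
    weak_sig = sign(key, shown, toy_digest)
    strong_sig = sign(key, shown, strong_digest)
    return {
        "documents_differ": shown != swapped,
        # The weak-digest signature made on `shown` also verifies on `swapped`.
        "weak_sig_transfers": verify(key, swapped, weak_sig, toy_digest),
        # With SHA-256 the digests differ, so the signature does not carry over.
        "strong_sig_transfers": verify(key, swapped, strong_sig, strong_digest),
        # A signer who kept `shown` holds two distinct texts with one digest.
        "retained_copy_exposes_swap": toy_digest(shown) == toy_digest(swapped),
    }

if __name__ == "__main__":
    print(demo())
```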