nanog mailing list archives

RE: SHA1 collisions proven possisble

From: "David Edelman" <dedelman () iname com>
Date: Thu, 23 Feb 2017 21:51:02 -0500

Especially if that "document" is a component of a ciphersuite exchange.

--Dave

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of
valdis.kletnieks () vt edu
Sent: Thursday, February 23, 2017 9:22 PM
To: Ricky Beam <jfbeam () gmail com>
Cc: nanog () nanog org
Subject: Re: SHA1 collisions proven possisble

On Thu, 23 Feb 2017 21:10:42 -0500, "Ricky Beam" said:

When you can do that in the timespan of weeks or days, get back to me.
Today, it takes years to calculate a collision, and you have to start 
with a document specifically engineered to be modified. (such 
documents are easily spotted upon inspection: why does this word doc 
contain two
documents?)


That question never arises, because this word doc contains only one
document.

The *OTHER* word doc also contains only one document.

You can't take any random document, modify it to say what you want, 
and keep the same hash. People still haven't been able to do that with 
MD5, and that's been "broken" for a long time.


That doesn't change the fact that if I can get you to sign a document I
present to you, I can still have lots of fun at your expense.

Current thread:

Re: SHA1 collisions proven possisble, (continued)
- - - Re: SHA1 collisions proven possisble Jon Lewis (Feb 23)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
    - Re: SHA1 collisions proven possisble Vincent Bernat (Feb 24)
    - Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
    - Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
    - Re: SHA1 collisions proven possisble Vincent Bernat (Feb 24)
    - Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 24)
    - Re: SHA1 collisions proven possisble Ricky Beam (Feb 23)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
    - RE: SHA1 collisions proven possisble David Edelman (Feb 23)
    - Re: SHA1 collisions proven possisble Lyndon Nerenberg (Feb 23)
    - Re: SHA1 collisions proven possisble Florian Weimer (Feb 24)
    - Re: SHA1 collisions proven possisble Jimmy Hess (Feb 25)
    - Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
    - Re: SHA1 collisions proven possisble Nick Hilliard (Feb 26)
    - Re: SHA1 collisions proven possisble Brett Frankenberger (Feb 26)
    - Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
    - RE: SHA1 collisions proven possisble Keith Medcalf (Feb 26)
    - RE: SHA1 collisions proven possisble Jon Lewis (Feb 27)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)

(Thread continues...)