nanog mailing list archives
Re: SHA1 collisions proven possisble
From: Matt Palmer <mpalmer () hezmatt org>
Date: Mon, 27 Feb 2017 13:16:00 +1100
On Sun, Feb 26, 2017 at 05:41:47PM -0600, Brett Frankenberger wrote:
On Sun, Feb 26, 2017 at 12:18:48PM -0500, Patrick W. Gilmore wrote:I repeat something I've said a couple times in this thread: If I can somehow create two docs with the same hash, and somehow con someone into using one of them, chances are there are bigger problems than a SHA1 hash collision. If you assume I could somehow get Verisign to use a cert I created to match another cert with the same hash, why in the hell would that matter? I HAVE THE ONE VERISIGN IS USING. Game over. Valdis came up with a possible use of such documents. While I do not think there is zero utility in those instances, they are pretty small vectors compared to, say, having a root cert at a major CA.I want a google.com cert. I ask a CA to sign my fake google.com certificate. They decline, because I can't prove I control google.com.
Even better: I want a CA cert. I convince a CA to issue me a regular, end-entity cert for `example.com` (which I control) in such a way that I can generate another cert with the same SHA1 hash, but which has `CA:TRUE` for the Basic Constraints extension. Wham! I can now generate certs for *EVERYONE*. At least until someone notices and takes away my shiny new toy... - Matt -- [M]ost of the other people here [...] drive cars that they have personally built (starting with iron ore, charcoal, and a Malaysian turn-signal tree) [...] but I wimp out on all of those points. Sometimes there are advantages to paying somebody else to do it for you. -- Matt Roberds, in the Monastery
Current thread:
- Re: SHA1 collisions proven possisble, (continued)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 24)
- Re: SHA1 collisions proven possisble Ricky Beam (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- RE: SHA1 collisions proven possisble David Edelman (Feb 23)
- Re: SHA1 collisions proven possisble Lyndon Nerenberg (Feb 23)
- Re: SHA1 collisions proven possisble Florian Weimer (Feb 24)
- Re: SHA1 collisions proven possisble Jimmy Hess (Feb 25)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
- Re: SHA1 collisions proven possisble Nick Hilliard (Feb 26)
- Re: SHA1 collisions proven possisble Brett Frankenberger (Feb 26)
- Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
- RE: SHA1 collisions proven possisble Keith Medcalf (Feb 26)
- RE: SHA1 collisions proven possisble Jon Lewis (Feb 27)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
- Re: SHA1 collisions proven possisble Eitan Adler (Feb 26)
- Re: SHA1 collisions proven possisble Randy Bush (Feb 27)
- Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
- Re: SHA1 collisions proven possisble Chris Adams (Feb 27)