[193834] in North American Network Operators' Group


Re: SHA1 collisions proven possible

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Feb 26 12:18:52 2017

X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAAAwwbUdjxdouW0BYXf_Sbrcm10=CdZq5u=De4ynsujkD9-m=w@mail.gmail.com>
Date: Sun, 26 Feb 2017 12:18:48 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Feb 25, 2017, at 17:44, Jimmy Hess <mysidia@gmail.com> wrote:
>> On Thu, Feb 23, 2017 at 2:03 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
>>
>> For instance, someone cannot take Verisign’s root cert and create a cert which collides on SHA-1. Or at least we do not think they can. We’ll know in 90 days when Google releases the code.
>
> Maybe. If you assume that no SHA attack was known to anybody at the time the Verisign cert was originally created, and that the process used to originally create Verisign's root cert was not tainted to leverage such an attack.
>
> If it was tainted, then maybe there's another version of the certificate that was constructed with a different Subject name and Subject public key, but the same SHA1 hash, and same Issuer Name and same Issuer Public Key.

I repeat something I've said a couple times in this thread: If I can somehow create two docs with the same hash, and somehow con someone into using one of them, chances are there are bigger problems than a SHA1 hash collision.

If you assume I could somehow get Verisign to use a cert I created to match another cert with the same hash, why in the hell would that matter? I HAVE THE ONE VERISIGN IS USING. Game over.

Valdis came up with a possible use of such documents. While I do not think there is zero utility in those instances, they are pretty small vectors compared to, say, having a root cert at a major CA.

-- 
TTFN,
patrick

