[193840] in North American Network Operators' Group
RE: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sun Feb 26 23:24:31 2017
X-Original-To: nanog@nanog.org
Date: Sun, 26 Feb 2017 21:02:48 -0700
In-Reply-To: <20170227021600.GA28832@hezmatt.org>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "Matt Palmer" <mpalmer@hezmatt.org>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Sunday, 26 February, 2017 19:16 Matt Palmer <mpalmer@hezmatt.org> said:
> On Sun, Feb 26, 2017 at 05:41:47PM -0600, Brett Frankenberger wrote:
> > On Sun, Feb 26, 2017 at 12:18:48PM -0500, Patrick W. Gilmore wrote:
> > > I repeat something I've said a couple times in this thread: If I can
> > > somehow create two docs with the same hash, and somehow con someone
> > > into using one of them, chances are there are bigger problems than a
> > > SHA1 hash collision.
> > >
> > > If you assume I could somehow get Verisign to use a cert I created to
> > > match another cert with the same hash, why in the hell would that
> > > matter? I HAVE THE ONE VERISIGN IS USING. Game over.
> > >
> > > Valdis came up with a possible use of such documents. While I do not
> > > think there is zero utility in those instances, they are pretty small
> > > vectors compared to, say, having a root cert at a major CA.
> >
> > I want a google.com cert. I ask a CA to sign my fake google.com
> > certificate. They decline, because I can't prove I control google.com.
>
> Even better: I want a CA cert. I convince a CA to issue me a regular,
> end-entity cert for `example.com` (which I control) in such a way that I
> can
> generate another cert with the same SHA1 hash, but which has `CA:TRUE` fo=
r
> the Basic Constraints extension.
>
> Wham! I can now generate certs for *EVERYONE*. At least until someone
> notices and takes away my shiny new toy...
So you would need 6000 years of computer time to compute the collision on t=
he SHA1 signature, and how much additional time to compute the trapdoor (pr=
ivate) key, in order for the cert to be of any use?
