[193785] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (valdis.kletnieks@vt.edu)
Thu Feb 23 18:22:30 2017
X-Original-To: nanog@nanog.org
From: valdis.kletnieks@vt.edu
X-Google-Original-From: Valdis.Kletnieks@vt.edu
To: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <op.yv4w94eitfhldh@rbeam.xactional.com>
Date: Thu, 23 Feb 2017 18:21:19 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1487892079_2876P
Content-Type: text/plain; charset=us-ascii
On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said:
> cost! However this in no way invalidates SHA-1 or documents signed by
> SHA-1.
We negotiate a contract with terms favorable to you. You sign it (or more
correctly, sign the SHA-1 hash of the document).
I then take your signed copy, take out the contract, splice in a different
version with terms favorable to me. Since the hash didn't change, your
signature on the second document remains valid.
I present it in court, and the judge says "you signed it, you're stuck with
the terms you signed".
I think that would count as "invalidates documents signed by SHA-1", don't you?
--==_Exmh_1487892079_2876P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Comment: Exmh version 2.5 07/13/2001
iQEVAwUBWK9ub40DS38y7CIcAQIoXwf+MWc0z4iS7NU7DQ3FQGTw9o6yxnV13DzZ
i/+01MpEsd2nZHccVJS9LCt/s6Q4zotZ/G+WDsZyBuSo8SxtHUul2vtDP2jxHQ28
z82mEjeJwszjrJKrD0jpEjf5lsE4j5Yx7WKvIUslTCJL4cRn3tuSP6+2PtEJATQZ
ROOlesp3FpaB+oObSJQvG4d91VqWxiZNwOQEKnk2a62l45PKjvncMc5wHa21ls8K
7QM+eJDpbn+N4ZT0/8HTUJI2+0M2wjrQSfb4GueteISRuU5/4voXpAB6Z4qG6LDO
Y6yaVtQGnDNdXPlsvUtF0FwUgMaKzWOd3V/a45/N3sAmFT6y7556FQ==
=JKAI
-----END PGP SIGNATURE-----
--==_Exmh_1487892079_2876P--
