[193788] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (valdis.kletnieks@vt.edu)
Thu Feb 23 19:49:03 2017
X-Original-To: nanog@nanog.org
From: valdis.kletnieks@vt.edu
X-Google-Original-From: Valdis.Kletnieks@vt.edu
To: Jon Lewis <jlewis@lewis.org>
In-Reply-To: <alpine.LRH.2.02.1702231910380.3485@soloth.lewis.org>
Date: Thu, 23 Feb 2017 19:48:52 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1487897332_2876P
Content-Type: text/plain; charset=us-ascii
On Thu, 23 Feb 2017 19:28:44 -0500, Jon Lewis said:
> Doing it with an ASCII document, source code, or even something like a
> Word document (containing only text and formatting), and having it not be
> obvious upon inspection of the documents that the "imposter" document
> contains some "specific hash influencing 'gibberish'" would be far more
> disturbing.
Keep in mind that there's *lots* of stuff that people might want to sign
that aren't flat ASCII. For instance, the video that just came out of
that police officer's bodycam. If the "gibberish" is scattered across the
pixels, you'll never know.
And let's face it - if you need to do an inspection because you don't
trust the hash to have done its job - *the hash has failed to do its job*.
--==_Exmh_1487897332_2876P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Comment: Exmh version 2.5 07/13/2001
iQEVAwUBWK+C9I0DS38y7CIcAQI8CQf+PUMh8Q6BQEAEY2FUz6LGyxjJ1lyK42FT
+Ch5UAqaQKjC7Aax+ZkfwJPH7YTcO9MaPIfAgjnn9LauV1KruDmiE7aVA8dQzUgQ
N4hwYj5DeSMNAMfb0U3wdITqF2UkSdfvE++7qyVp3rfMU0dQj9PNEkAGMRZSqdnv
jt6HorIJtb9AeYTu1agM4is0CRyEU++ggy/vFCrppnjqMn2NPx88NZgdQYIXkX6H
HHBUBqFZivBcblvpcT9WCu446CbGXBPg/Y0Iz+eZgNlVv+YK/WDcVSCVaGhBKihu
Fo4Ue9WiOsQhlHYeVtr/VTt/ZIJRGHpAZ5xibQKRVCZMJP+ImiQxeg==
=NR24
-----END PGP SIGNATURE-----
--==_Exmh_1487897332_2876P--
