[193789] in North American Network Operators' Group
Re: SHA1 collisions proven possible
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Feb 23 20:56:31 2017
X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <23686.1487892079@turing-police.cc.vt.edu>
Date: Thu, 23 Feb 2017 20:56:28 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Feb 23, 2017, at 6:21 PM, valdis.kletnieks@vt.edu wrote:
> On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said:
>
>> cost! However this in no way invalidates SHA-1 or documents signed by
>> SHA-1.
>
> We negotiate a contract with terms favorable to you. You sign it (or more
> correctly, sign the SHA-1 hash of the document).
>
> I then take your signed copy, take out the contract, splice in a different
> version with terms favorable to me. Since the hash didn't change, your
> signature on the second document remains valid.
>
> I present it in court, and the judge says "you signed it, you're stuck with
> the terms you signed".
>
> I think that would count as "invalidates documents signed by SHA-1", don't you?

Doesn’t work that way.

According to the blog post, you can create two documents which have the same hash, but you do not know what that hash is until the algorithm finishes. You cannot create a document which matches a pre-existing hash, i.e. the one in the signed doc. Hence my comment that you can’t take Verisign’s root key and create a new key which matches the hash.

-- 
TTFN,
patrick
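
The two search problems this message contrasts (producing two documents that share a hash versus matching a hash that already exists), as an added example that is not part of the original post. It assumes a toy hash, SHA-1 truncated to 16 bits, so both generic brute-force searches finish quickly; the function names and sample strings are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # toy size (assumption): SHA-1 truncated to 16 bits so both searches finish fast

def toy_hash(msg: bytes) -> int:
    """Top BITS bits of SHA-1. Full SHA-1 has 160 bits; only the scale differs."""
    return int.from_bytes(hashlib.sha1(msg).digest()[:4], "big") >> (32 - BITS)

def find_collision(prefix: bytes):
    """Searcher chooses BOTH messages; the shared hash is only known when the search ends."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        tag = toy_hash(msg)
        if tag in seen:
            return seen[tag], msg, i + 1   # (first message, second message, hashes computed)
        seen[tag] = msg

def find_match_for(target: int, prefix: bytes, limit: int = 1 << 20):
    """Searcher must hit a hash fixed in advance, e.g. one that is already signed."""
    for i in range(limit):
        msg = prefix + str(i).encode()
        if toy_hash(msg) == target:
            return msg, i + 1
    return None, limit

if __name__ == "__main__":
    a, b, n_col = find_collision(b"draft-")
    print(f"collision after {n_col} hashes: {a!r} / {b!r} -> {toy_hash(a):#06x}")
    signed = b"constructed sample: contract already signed"
    m, n_pre = find_match_for(toy_hash(signed), b"other-")
    print(f"match for pre-existing hash after {n_pre} hashes: {m!r}")
    # Generic brute-force cost: about 2^(BITS/2) for a collision, about 2^BITS for a fixed target.
    print(f"expected work: ~2^{BITS // 2} vs ~2^{BITS}")
```
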