[193791] in North American Network Operators' Group


Re: SHA1 collisions proven possible

daemon@ATHENA.MIT.EDU (Ricky Beam)
Thu Feb 23 21:11:43 2017

X-Original-To: nanog@nanog.org
To: valdis.kletnieks@vt.edu
Date: Thu, 23 Feb 2017 21:10:42 -0500
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <23686.1487892079@turing-police.cc.vt.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Thu, 23 Feb 2017 18:21:19 -0500, <valdis.kletnieks@vt.edu> wrote:
> We negotiate a contract with terms favorable to you.  You sign it (or  
> more correctly, sign the SHA-1 hash of the document).
> ...

When you can do that in the timespan of weeks or days, get back to me.
Today, it takes years to calculate a collision, and you have to start with
a document specifically engineered to be modified. (Such documents are
easily spotted upon inspection: why does this Word doc contain two
documents?) You can't take any random document, modify it to say what you
want, and keep the same hash. People still haven't been able to do that
with MD5, and that's been "broken" for a long time.

This isn't a checksum or CRC. The changing of bits in the input has an
unpredictable effect on the output -- you have to do the entire hash
calculation (or most of it); there is no instantaneous shortcut. They had
to do 9 billion billion hashes to stumble on a solution, after all.

For example, one cannot recover an SSL certificate given only the hash
(MD5 or SHA-1). One cannot change the expiration date of an existing
certificate while still maintaining the same hash.

The fact that modern technology can perform 9BB hashes in a realistic time
frame is worth noting. (That capability is usually wasted on bitcoin
mining.)
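As an added illustration of the two points made above (this is not part of Ricky Beam's message), the script below measures how many of SHA-1's 160 output bits change when a single input bit is flipped in a constructed sample document, and puts the post's "9 billion billion" figure next to the generic 2^80 collision and 2^160 second-preimage bounds. The document text and the trial count are assumptions made for the example.

```python
import hashlib
import math
import random

# Constructed sample "document" for the demonstration (not from the post).
DOCUMENT = b"Contract: Party A pays Party B $1,000 on 2017-03-01.\n"

# Work factors for a 160-bit hash, in log2 units.
SHATTERED_HASHES = 9e18      # "9 billion billion" reported for SHAttered
BIRTHDAY_BOUND_BITS = 80     # generic collision search: 2^(160/2)
PREIMAGE_BOUND_BITS = 160    # generic second-preimage search: 2^160


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit toggled."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def avalanche(data: bytes, trials: int = 200, seed: int = 1) -> float:
    """Mean number of SHA-1 digest bits changed by one flipped input bit.

    An ideal 160-bit hash averages ~80. The SHAttered collision attack does
    not weaken this property, which is why modifying an existing signed
    document to keep its hash (a second preimage) remains out of reach.
    """
    rng = random.Random(seed)
    base = hashlib.sha1(data).digest()
    total = 0
    for _ in range(trials):
        modified = flip_bit(data, rng.randrange(len(data) * 8))
        total += hamming_distance(base, hashlib.sha1(modified).digest())
    return total / trials


def log2_work(hashes: float) -> float:
    """Express a hash count as an exponent of two for comparison."""
    return math.log2(hashes)


if __name__ == "__main__":
    print(f"mean digest bits changed per flipped input bit: "
          f"{avalanche(DOCUMENT):.1f} / 160")
    print(f"SHAttered effort ~ 2^{log2_work(SHATTERED_HASHES):.1f}, "
          f"birthday bound 2^{BIRTHDAY_BOUND_BITS}, "
          f"second preimage 2^{PREIMAGE_BOUND_BITS}")
```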
