[193792] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Feb 23 21:16:18 2017
X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Thu, 23 Feb 2017 21:16:12 -0500
In-Reply-To: <12541.1487902083@turing-police.cc.vt.edu>
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_FBFD0C0C-6087-487B-A255-5B147484EB56
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On Feb 23, 2017, at 9:08 PM, valdis.kletnieks@vt.edu wrote:
> On Thu, 23 Feb 2017 20:56:28 -0500, "Patrick W. Gilmore" said:
>=20
>> According to the blog post, you can create two documents which have =
the same
>> hash, but you do not know what that hash is until the algorithm =
finishes. You
>> cannot create a document which matches a pre-existing hash, i.e. the =
one in the
>> signed doc.
>=20
> You missed the point. I generate *TWO* documents, with different =
terms but the
> same hash. I don't care if it matches anything else's hash, as long as =
these two
> documents have the same hash. I get you to sign the hash on the *ONE* =
document I present to you
> that is favorable to you. I then take your signature and transfer it =
to the
> *OTHER* document.
>=20
> No, I can't create a collision to a document you produced, or do =
anything to a
> document you already signed. But if I'm allowed to take it and make =
"minor
> formatting changes", or if I can just make sure I have the last turn =
in the
> back-and-forth negotiating... because the problem is if I can get you =
to sign a
> plaintext of my choosing=E2=80=A6.
I did miss the point. Thanks for setting me straight.
A couple things will make this slightly less useful for the attacker:
1) How many people are not going to keep a copy? Once both docs =
are be
found to have the same hash, well, game over.
2) The headers will be very strange indeed. The way this works =
is
Google twiddled with the headers to make them look the same. =
That
is probably pretty obvious if you look for it.
Oh, and third: Everyone should stop using SHA-1 anyway. :-)
--
TTFN,
patrick
--Apple-Mail=_FBFD0C0C-6087-487B-A255-5B147484EB56
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYr5dsAAoJEG0dU8fZKHCv2BIP/0G/Iq+ZAFm5dsFxZSzqbpP4
JRrjHZi1G0s5o9xRU6RGPgICiXjI6qBmDxuhFebtez4KY+WB0ynqUZ8WcYcaop/u
uwpkr3HDOHpbeAOeAR5NBkXzK9WUSiKZejUcNmszYtFsNKQmG0Xjb/iX8/uHoGsg
o5VzeL09KOO0PgXRWSSc1wxPD8jrgvERbPB6QvuIno/52VXT6xqmhl88IOS5JEPn
3U0cOT4j+Mk6QXxho+XLschm0plTDB+/hA1TNMENxmVo5Y8vwwgCWZcK6k8o82Zk
BW2EvVvgFziAG8HnH1dsrjvt/VPBp3+Lz06QZ9kCANu/6Cyq+AsTnTu+3dsYib/m
acgW9j8FDNHkeShNzz5HqUeKB8I2FkBk26LyoMfDCgkLrFxrW43TAvzp6KQ5XO5M
mvHDVJYijpv6m/lr9tNkurySYLND/tJXfHbJ/Lm7zPFV9glYFH9Zr/rWP97eD40V
XUhZtWaUFg8EVQ5kENagMxXG6nhk/Wd8DuhJZzP7BR9haRHR00w/EYxrH5dnlihs
dO5C5+U/8/X7/D+sOA/QtOjOsq9dgCsJ0r/Q2umlAkbQkhWLMddYUlvvlOKiZiOC
TMYSN5wmYu48QvSjNyGMzu08sLnKam1MC8I8AOwYp9pw4jrrfLcX7PacZQ6wEb9z
CsDV0uhng6q+gQd2aGVu
=/v+I
-----END PGP SIGNATURE-----
--Apple-Mail=_FBFD0C0C-6087-487B-A255-5B147484EB56--
