[193816] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Fri Feb 24 12:19:04 2017
X-Original-To: nanog@nanog.org
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <87d1e7ikqg.fsf@luffy.cx>
Date: Fri, 24 Feb 2017 12:11:46 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Feb 24, 2017, at 12:04 PM, Vincent Bernat <bernat@luffy.cx> wrote:
> =E2=9D=A6 23 f=C3=A9vrier 2017 21:16 -0500, "Patrick W. Gilmore" =
<patrick@ianai.net> :
>=20
>> A couple things will make this slightly less useful for the attacker:
>> 1) How many people are not going to keep a copy? Once both docs =
are be
>> found to have the same hash, well, game over.
>=20
> But if a transaction is automated, it may be too late. For example, if
> the document is a bank transfer slip.
If I can control the bank side of presenting an automated transfer slip, =
I really don=E2=80=99t need to worry about SHA-1 collisions. I already =
have all your money.
--=20
TTFN,
patrick
