[193844] in North American Network Operators' Group
Re: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Feb 27 04:03:48 2017
X-Original-To: nanog@nanog.org
Date: Mon, 27 Feb 2017 16:03:40 +0700
From: Randy Bush <randy@psg.com>
To: Eitan Adler <lists@eitanadler.com>
In-Reply-To: <CAF6rxgmQmLOypXkX3RBkPZ7uyeLu9aA85KNoZaaXfbHK3W5AZA@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> 1. Create a certificate C[ert] for a single domain you control with hash h(c).
> 2. Create a second certificate A[ttack] marked as a certificate
> authority such that h(C) = h(A).
> 3. Have a certificate authority sign cert C
> 4. Present the signature for A along with A for whatever nefarious
> purpose you want.
luckily, step 2 can be done in a minute on a raspberry pi
