SHA1 collisions proven possisble
Matt Palmer
mpalmer at hezmatt.org
Mon Feb 27 02:16:00 UTC 2017
On Sun, Feb 26, 2017 at 05:41:47PM -0600, Brett Frankenberger wrote:
> On Sun, Feb 26, 2017 at 12:18:48PM -0500, Patrick W. Gilmore wrote:
> > I repeat something I've said a couple times in this thread: If I can
> > somehow create two docs with the same hash, and somehow con someone
> > into using one of them, chances are there are bigger problems than a
> > SHA1 hash collision.
> >
> > If you assume I could somehow get Verisign to use a cert I created to
> > match another cert with the same hash, why in the hell would that
> > matter? I HAVE THE ONE VERISIGN IS USING. Game over.
> >
> > Valdis came up with a possible use of such documents. While I do not
> > think there is zero utility in those instances, they are pretty small
> > vectors compared to, say, having a root cert at a major CA.
>
> I want a google.com cert. I ask a CA to sign my fake google.com
> certificate. They decline, because I can't prove I control google.com.
Even better: I want a CA cert. I convince a CA to issue me a regular,
end-entity cert for `example.com` (which I control) in such a way that I can
generate another cert with the same SHA1 hash, but which has `CA:TRUE` for
the Basic Constraints extension.
Wham! I can now generate certs for *EVERYONE*. At least until someone
notices and takes away my shiny new toy...
- Matt
--
[M]ost of the other people here [...] drive cars that they have personally
built (starting with iron ore, charcoal, and a Malaysian turn-signal tree)
[...] but I wimp out on all of those points. Sometimes there are advantages
to paying somebody else to do it for you. -- Matt Roberds, in the Monastery
More information about the NANOG
mailing list