SHA1 collisions proven possisble

• Previous message (by thread): SHA1 collisions proven possisble
• Next message (by thread): SHA1 collisions proven possisble
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 1. Create a certificate C[ert] for a single domain you control with hash h(c).
> 2. Create a second certificate A[ttack] marked as a certificate
>    authority such that h(C) = h(A).
> 3. Have a certificate authority sign cert C
> 4. Present the signature for A along with A for whatever nefarious
>    purpose you want.

luckily, step 2 can be done in a minute on a raspberry pi

• Previous message (by thread): SHA1 collisions proven possisble
• Next message (by thread): SHA1 collisions proven possisble
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]