SHA1 collisions proven possisble
Randy Bush
randy at psg.com
Mon Feb 27 09:03:40 UTC 2017
> 1. Create a certificate C[ert] for a single domain you control with hash h(c).
> 2. Create a second certificate A[ttack] marked as a certificate
> authority such that h(C) = h(A).
> 3. Have a certificate authority sign cert C
> 4. Present the signature for A along with A for whatever nefarious
> purpose you want.
luckily, step 2 can be done in a minute on a raspberry pi
More information about the NANOG
mailing list