SHA1 collisions proven possisble

• Previous message (by thread): SHA1 collisions proven possisble
• Next message (by thread): SHA1 collisions proven possisble
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 23 Feb 2017 15:03:34 -0500, "Patrick W. Gilmore" said:

> For instance, someone cannot take Verisign’s root cert and create a cert
> which collides on SHA-1. Or at least we do not think they can. We’ll know in 90
> days when Google releases the code.

>From the announce:

"It is now practically possible to craft two colliding PDF files and obtain a
SHA-1 digital signature on the first PDF file which can also be abused as a
valid signature on the second PDF file."

So they're able to craft two objects that collide to the same unpredictable
hash, but *not* produce an object that collides to a pre-specified hash.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170223/4b7aac0f/attachment.sig>

• Previous message (by thread): SHA1 collisions proven possisble
• Next message (by thread): SHA1 collisions proven possisble
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]