SHA1 collisions proven possisble

valdis.kletnieks at valdis.kletnieks at
Thu Feb 23 23:21:19 UTC 2017

On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said:

> cost! However this in no way invalidates SHA-1 or documents signed by
> SHA-1.

We negotiate a contract with terms favorable to you.  You sign it (or more
correctly, sign the SHA-1 hash of the document).

I then take your signed copy, take out the contract, splice in a different
version with terms favorable to me.  Since the hash didn't change, your
signature on the second document remains valid.

I present it in court, and the judge says "you signed it, you're stuck with
the terms you signed".

I think that would count as "invalidates documents signed by SHA-1", don't you?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list