SHA1 collisions proven possisble

valdis.kletnieks at valdis.kletnieks at
Fri Feb 24 00:48:52 UTC 2017

On Thu, 23 Feb 2017 19:28:44 -0500, Jon Lewis said:

> Doing it with an ASCII document, source code, or even something like a
> Word document (containing only text and formatting), and having it not be
> obvious upon inspection of the documents that the "imposter" document
> contains some "specific hash influencing 'gibberish'" would be far more
> disturbing.

Keep in mind that there's *lots* of stuff that people might want to sign
that aren't flat ASCII.  For instance, the video that just came out of
that police officer's bodycam.  If the "gibberish" is scattered across the
pixels, you'll never know.

And let's face it - if you need to do an inspection because you don't
trust the hash to have done its job - *the hash has failed to do its job*.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list