SHA1 collisions proven possisble

Patrick W. Gilmore patrick at
Fri Feb 24 01:56:28 UTC 2017

On Feb 23, 2017, at 6:21 PM, valdis.kletnieks at wrote:
> On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said:
>> cost! However this in no way invalidates SHA-1 or documents signed by
>> SHA-1.
> We negotiate a contract with terms favorable to you.  You sign it (or more
> correctly, sign the SHA-1 hash of the document).
> I then take your signed copy, take out the contract, splice in a different
> version with terms favorable to me.  Since the hash didn't change, your
> signature on the second document remains valid.
> I present it in court, and the judge says "you signed it, you're stuck with
> the terms you signed".
> I think that would count as "invalidates documents signed by SHA-1", don't you?

Doesn’t work that way.

According to the blog post, you can create two documents which have the same hash, but you do not know what that hash is until the algorithm finishes. You cannot create a document which matches a pre-existing hash, i.e. the one in the signed doc. Hence my comment that you can’t take Verisign’s root key and create a new key which matches the hash.


More information about the NANOG mailing list