SHA1 collisions proven possisble

valdis.kletnieks at valdis.kletnieks at
Fri Feb 24 02:08:03 UTC 2017

On Thu, 23 Feb 2017 20:56:28 -0500, "Patrick W. Gilmore" said:

> According to the blog post, you can create two documents which have the same
> hash, but you do not know what that hash is until the algorithm finishes. You
> cannot create a document which matches a pre-existing hash, i.e. the one in the
> signed doc.

You missed the point.  I generate *TWO* documents, with different terms but the
same hash. I don't care if it matches anything else's hash, as long as these two
documents have the same hash.  I get you to sign the hash on the *ONE* document I present to you
that is favorable to you.  I then take your signature and transfer it to the
*OTHER* document.

No, I can't create a collision to a document you produced, or do anything to a
document you already signed. But if I'm allowed to take it and make "minor
formatting changes", or if I can just make sure I have the last turn in the
back-and-forth negotiating... because the problem is if I can get you to sign a
plaintext of my choosing....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list