SHA1 collisions proven possible

Ricky Beam jfbeam at gmail.com
Fri Feb 24 02:10:42 UTC 2017


On Thu, 23 Feb 2017 18:21:19 -0500, <valdis.kletnieks at vt.edu> wrote:
> We negotiate a contract with terms favorable to you.  You sign it (or  
> more correctly, sign the SHA-1 hash of the document).
> ...

When you can do that in the timespan of weeks or days, get back to me.
Today, it takes years to calculate a collision, and you have to start with
a document specifically engineered to be modified. (Such documents are
easily spotted upon inspection: why does this Word doc contain two
documents?) You can't take any random document, modify it to say what you
want, and keep the same hash. People still haven't been able to do that
with MD5, and that's been "broken" for a long time.

This isn't a checksum or CRC. The changing of bits in the input has an
unpredictable effect on the output -- you have to do the entire hash
calculation (or most of it); there is no instantaneous shortcut. They had
to do 9 billion billion hashes to stumble on a solution, after all.

For example, one cannot recover an SSL certificate given only the hash
(MD5 or SHA-1). One cannot change the expiration date of an existing
certificate while still maintaining the same hash.

The fact that modern technology can perform 9BB hashes in a realistic time
frame is worth noting. (That capability is usually wasted on Bitcoin
mining.)
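
Added example, not part of Ricky Beam's post or of the NANOG archive: a short
Python script illustrating the two properties the reply leans on. First, the
avalanche behaviour of SHA-1 (flipping one input bit changes about half of the
160 output bits), which is why there is no local shortcut for "edit a word,
patch up the hash". Second, the cost gap between a collision search, where the
attacker controls both inputs and pays roughly 2^(n/2) (the birthday bound),
and a second-preimage search against one fixed existing document, which pays
roughly 2^n. The SHAttered result is the former kind (an identical-prefix
collision between two engineered inputs), not the latter. SHA-1 is truncated to
a small number of bits so the brute force finishes in seconds; the function
names, the sample "contract" string and the seeds are all constructed for this
illustration.

```python
"""Added example (not from the original post): SHA-1 avalanche behaviour, and the
work gap between a collision (any two inputs, ~2^(n/2)) and a second preimage
(match one fixed document, ~2^n). SHA-1 is truncated to `bits` bits so that
brute force is affordable; all names and sample inputs are constructed."""
import hashlib
import random


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, bit: int) -> int:
    """Flip one input bit and return how many of SHA-1's 160 output bits change.

    A sound hash flips roughly half of them, so a one-word edit cannot be
    compensated for by tweaking a few other bits: every bit of the output
    depends on the whole input."""
    flipped = bytearray(data)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return hamming_distance(hashlib.sha1(data).digest(), hashlib.sha1(flipped).digest())


def truncated_sha1(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-1(data) as an integer (toy hash for brute force)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - bits)


def find_collision(bits: int, seed: int = 0) -> tuple[bytes, bytes, int]:
    """Birthday search: hash random messages until any two share a truncated digest.

    The attacker chooses both inputs, so expected work is about 2^(bits/2)."""
    rng = random.Random(seed)          # seeded so a run is reproducible
    seen: dict[int, bytes] = {}
    tries = 0
    while True:
        tries += 1
        msg = rng.getrandbits(64).to_bytes(8, "big")
        digest = truncated_sha1(msg, bits)
        if digest in seen and seen[digest] != msg:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_second_preimage(target: bytes, bits: int, seed: int = 0) -> tuple[bytes, int]:
    """Second-preimage search: random messages until one matches the digest of `target`.

    The target is fixed (an already-signed contract, an existing certificate),
    so every candidate must hit one specific value: expected work is 2^bits,
    with no birthday saving available."""
    rng = random.Random(seed)
    want = truncated_sha1(target, bits)
    tries = 0
    while True:
        tries += 1
        msg = rng.getrandbits(64).to_bytes(8, "big")
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, tries


if __name__ == "__main__":
    contract = b"Contractor shall be paid $1,000 on delivery."  # constructed sample document
    changed = sum(avalanche(contract, b) for b in range(64)) / 64
    print(f"one flipped input bit changes on average {changed:.1f} of 160 output bits")

    bits = 20
    m1, m2, n_coll = find_collision(bits, seed=2017)
    print(f"{bits}-bit collision after {n_coll} hashes: {m1.hex()} vs {m2.hex()}")
    m3, n_pre = find_second_preimage(contract, bits, seed=2017)
    print(f"{bits}-bit second preimage of the contract after {n_pre} hashes: {m3.hex()}")
    print(f"expected 2^{bits // 2} vs 2^{bits} hashes; observed ratio {n_pre / n_coll:.0f}x")
```

Run it directly to see the two searches side by side; raising `bits` by two
roughly doubles the collision cost but quadruples the second-preimage cost,
which is the scaling behind the reply's distinction between "two engineered
documents that collide" and "take any existing document and keep its hash".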


