SHA1 collisions proven possisble

• Previous message (by thread): SHA1 collisions proven possisble
• Next message (by thread): SHA1 collisions proven possisble
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 25, 2017, at 17:44, Jimmy Hess <mysidia at gmail.com> wrote:
>> On Thu, Feb 23, 2017 at 2:03 PM, Patrick W. Gilmore <patrick at ianai.net> wrote:
>> 
>> For instance, someone cannot take Verisign’s root cert and create a cert which collides
>> on SHA-1. Or at least we do not think they can. We’ll know in 90 days when
>> Google releases the code.
> 
> Maybe.   If you assume that no SHA attack was known to anybody at the
> time the Verisign
> cert was originally created,  And that the process used to originally
> create Verisign's root cert
> was not tainted  to leverage such attack.
> 
> If it was tainted,  then  maybe there's another version of the
> certificate that was constructed
> with a different Subject name and Subject public key,  but the same
> SHA1 hash, and same Issuer Name and same Issuer Public Key.

I repeat something I've said a couple times in this thread: If I can somehow create two docs with the same hash, and somehow con someone into using one of them, chances are there are bigger problems than a SHA1 hash collision.

If you assume I could somehow get Verisign to use a cert I created to match another cert with the same hash, why in the hell would that matter? I HAVE THE ONE VERISIGN IS USING. Game over.

Valdis came up with a possible use of such documents. While I do not think there is zero utility in those instances, they are pretty small vectors compared to, say, having a root cert at a major CA.

-- 
TTFN,
patrick

• Previous message (by thread): SHA1 collisions proven possisble
• Next message (by thread): SHA1 collisions proven possisble
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]