SHA1 collisions proven possisble

[dedelman at iname.com (David Edelman)]

Especially if that "document" is a component of a ciphersuite exchange.

--Dave

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of
valdis.kletnieks at vt.edu
Sent: Thursday, February 23, 2017 9:22 PM
To: Ricky Beam <jfbeam at gmail.com>
Cc: nanog at nanog.org
Subject: Re: SHA1 collisions proven possisble

On Thu, 23 Feb 2017 21:10:42 -0500, "Ricky Beam" said:

> When you can do that in the timespan of weeks or days, get back to me.
> Today, it takes years to calculate a collision, and you have to start 
> with a document specifically engineered to be modified. (such 
> documents are easily spotted upon inspection: why does this word doc 
> contain two
> documents?)

That question never arises, because this word doc contains only one
document.

The *OTHER* word doc also contains only one document.

> You can't take any random document, modify it to say what you want, 
> and keep the same hash. People still haven't been able to do that with 
> MD5, and that's been "broken" for a long time.

That doesn't change the fact that if I can get you to sign a document I
present to you, I can still have lots of fun at your expense.