[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SHA1 collisions proven possisble

Subject: SHA1 collisions proven possisble
From: mysidia at gmail.com (Jimmy Hess)
Date: Sat, 25 Feb 2017 16:44:13 -0600
In-reply-to: <[email protected]>
References: <CAPiURgU8UPW9jFzvvf_5D9sX-tyP6qna=wfR4SgLETTbri3uBA@mail.gmail.com> <CAD6AjGT_gvTyifvQOU4z-PNmuCjxOm9DqBvjvomR-9Qvmkg1uw@mail.gmail.com> <[email protected]>

On Thu, Feb 23, 2017 at 2:03 PM, Patrick W. Gilmore <patrick at ianai.net> wrote:

> For instance, someone cannot take Verisign?s root cert and create a cert which collides
> on SHA-1. Or at least we do not think they can. We?ll know in 90 days when
> Google releases the code.

Maybe.   If you assume that no SHA attack was known to anybody at the
time the Verisign
cert was originally created,  And that the process used to originally
create Verisign's root cert
was not tainted  to leverage such attack.

If it was tainted,  then  maybe there's another version of the
certificate that was constructed
with a different Subject name and Subject public key,  but the same
SHA1 hash, and same Issuer Name and same Issuer Public Key.

> --
> TTFN,
--
-JH

Follow-Ups:
- SHA1 collisions proven possisble
  - From: patrick at ianai.net (Patrick W. Gilmore)

References:
- SHA1 collisions proven possisble
  - From: shortdudey123 at gmail.com (Grant Ridder)
- SHA1 collisions proven possisble
  - From: cb.list6 at gmail.com (Ca By)
- SHA1 collisions proven possisble
  - From: patrick at ianai.net (Patrick W. Gilmore)

Prev by Date: SHA1 collisions proven possisble
Next by Date: Cellular enabled console server
Previous by thread: SHA1 collisions proven possisble
Next by thread: SHA1 collisions proven possisble
Index(es):
- Date
- Thread