Re: SHA1 collisions proven possisble

[valdis.kletnieks () vt edu]

On Thu, 23 Feb 2017 19:28:44 -0500, Jon Lewis said:

> Doing it with an ASCII document, source code, or even something like a
> Word document (containing only text and formatting), and having it not be
> obvious upon inspection of the documents that the "imposter" document
> contains some "specific hash influencing 'gibberish'" would be far more
> disturbing.

Keep in mind that there's *lots* of stuff that people might want to sign
that aren't flat ASCII.  For instance, the video that just came out of
that police officer's bodycam.  If the "gibberish" is scattered across the
pixels, you'll never know.

And let's face it - if you need to do an inspection because you don't
trust the hash to have done its job - *the hash has failed to do its job*.

Attachment: _bin
Description: