nanog mailing list archives

Re: SHA1 collisions proven possisble

From: Randy Bush <randy () psg com>
Date: Mon, 27 Feb 2017 16:03:40 +0700

1. Create a certificate C[ert] for a single domain you control with hash h(c).
2. Create a second certificate A[ttack] marked as a certificate
   authority such that h(C) = h(A).
3. Have a certificate authority sign cert C
4. Present the signature for A along with A for whatever nefarious
   purpose you want.


luckily, step 2 can be done in a minute on a raspberry pi

Current thread:

Re: SHA1 collisions proven possisble, (continued)
- - - Re: SHA1 collisions proven possisble Jimmy Hess (Feb 25)
    - Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
    - Re: SHA1 collisions proven possisble Nick Hilliard (Feb 26)
    - Re: SHA1 collisions proven possisble Brett Frankenberger (Feb 26)
    - Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
    - RE: SHA1 collisions proven possisble Keith Medcalf (Feb 26)
    - RE: SHA1 collisions proven possisble Jon Lewis (Feb 27)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
    - Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
    - Re: SHA1 collisions proven possisble Eitan Adler (Feb 26)
    - Re: SHA1 collisions proven possisble Randy Bush (Feb 27)
    - Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
    - Re: SHA1 collisions proven possisble Chris Adams (Feb 27)
  - Re: SHA1 collisions proven possisble Tei (Feb 24)