<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2017-03-01 23:55 GMT+01:00 Peter Gutmann <span dir="ltr"><<a href="mailto:pgut001@cs.auckland.ac.nz" target="_blank">pgut001@cs.auckland.ac.nz</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>[...]</span><br>
<br>
Another thing that the report is insufficiently clear about is that this isn't<br>
about creating a collision with an existing document, it's about creating a<br>
document from scratch that can be manipulated to have two different forms but<br>
the same hash.  So it's more a badly-designed-repository-stre<wbr>ss-tester than a<br>
signature-forgery attack.<br>
<span class="m_4410479848677172156HOEnZb"><font color="#888888"><br>
Peter.<br>
</font></span><div class="m_4410479848677172156HOEnZb"><div class="m_4410479848677172156h5"><br>
______________________________<wbr>_________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com" target="_blank">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" rel="noreferrer" target="_blank">http://www.metzdowd.com/mailma<wbr>n/listinfo/cryptography</a></div></div></blockquote></div><br><br></div><div class="gmail_extra">Isn't what you describe a "second preimage" attack on SHA -1 rather than a collision. <br clear="all"></div><div class="gmail_extra"><br>-- <br><div class="m_4410479848677172156gmail_signature" data-smartmail="gmail_signature">Alexandre Anzala-Yamajako<br><br><br></div>
</div></div>