[Cryptography] SHA-1 collision could also allow ePassport forgery
Jan Moritz Lindemann
panda at panda.cat
Mon Feb 27 10:29:08 EST 2017
Some countries (and not the smallest ones) still used RSA-SHA1 signatures
for their document signing certificates as late as 2010.
As passports and those certificates are usually valid 10 years this means
that if they are not revoked it is possible until 2020 to create forged
passports capable of passing automated security gates.
You can also take a look at the public key directory of the ICAO to look up
those certificates ;-)
https://pkddownloadsg.icao.int/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170227/bccb8f99/attachment.html>
More information about the cryptography
mailing list