[Cryptography] SHA-1 collision could also allow ePassport forgery

Harald Koch chk at pobox.com
Mon Feb 27 13:39:04 EST 2017


On 27 February 2017 at 10:29, Jan Moritz Lindemann <panda at panda.cat> wrote:

> Some countries (and not the smallest ones) still used RSA-SHA1 signatures
> for their document signing certificates as late as 2010.
>
> As passports and those certificates are usually valid 10 years this means
> that if they are not revoked it is possible until 2020 to create forged
> passports capable of passing automated security gates.
>

There are far easier (and much cheaper!) attacks on the passport system
than finding RSA-SHA1 collisions. Can we stop with the FUD, please?

-- 
Harald