[Cryptography] [FORGED] Re: Possible SHA2 vulnerability

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jul 1 03:27:43 EDT 2017


Tom Mitchell <mitch at niftyegg.com> writes:

>Does this even make sense to think about.

No.  If you're going to try and anticipate highly improbable events then you
end up needing to defend against everything imaginable, and ten times as many
things you can't imagine.  In other words an unimaginable highly improbable
event will get you anyway because you didn't anticipate it.  There are more
than enough things that we do know about and that are highly probable that
we're not mitigating against, so it's better to address those first.

In addition, if you really do want to go down that path, you need to look at
the impact of being able to generate collisions for SHA-2.  What would be the
immediate impact of someone being able to do that?  I mean the actual real-
world impact on the general public, not the "imagine all the horrible things
that can happen".  About the only big thing that immediately springs to mind
is that various software update services will have to switch back to SHA-1 for
a while.

Even then, is it a major attack vector?  Sure, you can now subvert services
like Windows Update, but given the ease with which you can already implement a
Wannacry-like attack at close to no cost is it worth it even if you do have
the resources available?

Peter.
