[Cryptography] [FORGED] Re: Google announces practical SHA-1 collision attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Mar 2 05:02:56 EST 2017


Mark Steward <marksteward at gmail.com> writes:

>I think the report makes it clear that it's a chosen-prefix attack, and while
>Web PKI is less vulnerable these days, are people outside that ecosystem as
>stringent about not signing subverted data?

I'm not really aware of any situation in which someone is going to be signing
subverted data (apart from the web PKI's certificate-manufacturing operations,
that is).  For non-PKI signing you typically sign content you've created
yourself, whether it's code signing, a report sent from a remote-monitoring
site, payment instructions, etc.  Almost everything I know of that gets signed
is content that the signer has created.  The one exception is countersigning
and timestamping, where the countersigner adds all manner of other stuff to
the data before (counter-)signing it, so it's signing a very different hash to
what the original signer did.

While I'm sure there's some weird corner case somewhere that's vulnerable, for
any normal use of signing it shouldn't be an issue.

Peter.