On Feb 23, 2017, at 6:21 PM, valdis.kletnieks@vt.edu wrote:
On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said:
cost! However this in no way invalidates SHA-1 or documents signed by SHA-1.
We negotiate a contract with terms favorable to you. You sign it (or more correctly, sign the SHA-1 hash of the document).
I then take your signed copy, take out the contract, splice in a different version with terms favorable to me. Since the hash didn't change, your signature on the second document remains valid.
I present it in court, and the judge says "you signed it, you're stuck with the terms you signed".
I think that would count as "invalidates documents signed by SHA-1", don't you?
Doesn’t work that way. According to the blog post, you can create two documents which have the same hash, but you do not know what that hash is until the algorithm finishes. You cannot create a document which matches a pre-existing hash, i.e. the one in the signed doc. Hence my comment that you can’t take Verisign’s root key and create a new key which matches the hash.

--
TTFN,
patrick
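The thread turns on the difference between finding any two documents that share a hash and finding a document that matches a hash that already exists. The following is an added example, not part of the original messages, that measures both searches on a toy hash. It assumes SHA-1 truncated to 20 bits and a generic counter-based search (not the technique from the blog post); the sample texts and function names are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 20  # constructed toy size: SHA-1 truncated to 20 bits so both searches finish in seconds

def h(msg: bytes) -> int:
    """Top BITS bits of SHA-1(msg); a toy stand-in for the full 160-bit digest."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - BITS)

def find_collision(prefix_a: bytes, prefix_b: bytes):
    """Searcher controls BOTH messages: any matching pair of digests will do.
    Returns (msg_a, msg_b, hash_evaluations)."""
    seen_a, seen_b = {}, {}
    for i in count():
        a, b = prefix_a + str(i).encode(), prefix_b + str(i).encode()
        da, db = h(a), h(b)
        seen_a.setdefault(da, a)
        seen_b.setdefault(db, b)
        if da in seen_b and seen_b[da] != a:
            return a, seen_b[da], 2 * (i + 1)
        if db in seen_a and seen_a[db] != b:
            return seen_a[db], b, 2 * (i + 1)

def find_second_preimage(target: bytes, prefix: bytes):
    """Searcher must match ONE digest that already exists, fixed by `target`.
    Returns (msg, hash_evaluations)."""
    want = h(target)
    for i in count(1):
        m = prefix + str(i).encode()
        if m != target and h(m) == want:
            return m, i

if __name__ == "__main__":
    # Constructed sample texts, echoing the contract scenario in the thread.
    a, b, work_c = find_collision(b"terms favorable to you #", b"terms favorable to me #")
    print(f"collision: {a!r} / {b!r} after {work_c} hashes (about 2^{BITS // 2} scale)")
    m, work_p = find_second_preimage(a, b"replacement #")
    print(f"second preimage of existing digest: {m!r} after {work_p} hashes (about 2^{BITS} scale)")
```

The first search needs on the order of 2^(BITS/2) hash evaluations and the second on the order of 2^BITS, and that gap grows with digest length.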