24 Feb
2017
24 Feb
'17
12:11 p.m.
On Feb 24, 2017, at 12:04 PM, Vincent Bernat <bernat@luffy.cx> wrote:
❦ 23 février 2017 21:16 -0500, "Patrick W. Gilmore" <patrick@ianai.net> :
A couple things will make this slightly less useful for the attacker: 1) How many people are not going to keep a copy? Once both docs are be found to have the same hash, well, game over.
But if a transaction is automated, it may be too late. For example, if the document is a bank transfer slip.
If I can control the bank side of presenting an automated transfer slip, I really don’t need to worry about SHA-1 collisions. I already have all your money. -- TTFN, patrick