[Top] [All Lists]

Re: SHA-1 broken

2005-02-18 01:31:02

* Jon Callas wrote:
A key fingerprint is little more than a hash of the key material, the 
creation time, and a few constants. There's very little place in there 
to manufacture a collision. Fingerprints need little more than 

IBTD, sorry.

The recent attack allows to construct two "random" messages differing in
some (few) bits generating the same hash.

So a possible attack might be to generate such a collision and search one of
the messages in existing key material from the key servers. If some key was
found containing one of those sequences, it can be replaced by a different
key by changing those few bits.

This manipulation does not change the fingerprint and might not change the
key signature nor the user certificates, so the modified key is a drop in
replacement for the old one.

The main advantage for the attacker is, that the modified key might be easily
factorised. Very likely. So the attacker can mount a MITM attack using the
web of trust to hide it.

Bad news.

<Prev in Thread] Current Thread [Next in Thread>