cr-marcstevens/sha1collisiondetection

Big Issue

smoriarty21 opened this issue · 9 comments

How many dev hours did you put into finding something that has never actually happened in the wild and has an astronomically low chance of happening?

Actually, less than my dev hours into making an actual SHA-1 collision.

But you're wrong saying it never happened so far and that a new one has astronomically low chance. It's costly, but not that costly.

I'm closing this non-issue.

You do realize the site you linked me says right on it that this has never happened in the wild right? I just feel like your time would have been much better spent switching to sha-256. I'm still standing strong on my statement that this was a useless waste of time.

**From shattered.io:**

> How widespread is this?
> As far as we know our example collision is the first ever created.
>
> Has this been abused in the wild?
> Not as far as we know.

You do notice the caveat: as far as we know, moreover only up to now.
So what's wrong with some real protection for the short-term future while the longer-term migration to SHA-2 is underway?

Moreover, how about all those SHA-1 signatures out there that can't be replaced?
What do you think is better: do we trust all those old SHA-1 signatures, or revoke them all, or do we check for forgeries with this?

Hi Sean, thanks for your interest in our project. We saved so much of our discretionary time by not trolling random people that we were able to spend it on this work.

I'll take the troll hat off for a second and ask for an education here, as there is clearly something I am missing. How does finding one SHA-1 collision make it trivial to find billions more? (Again, I was trolling but am no longer and genuinely want to understand this issue.) Also, I know this was a very trollish issue for me to open, but it is a genuine question. You guys keep saying that you have seen these in the wild, but you seem to be the only people in the world claiming this. I just feel like (and I'd love to be wrong here) this is not as big of an issue as you are making it seem. I feel that very few people have access to enough computing power to replicate this. Again, thanks for the education, and sorry if I still sound like a troll, but I'm very curious.

The thing is: we just collided a 320-byte PDF prefix without any content so far. So now anyone can make billions of colliding PDF file pairs with their own chosen content, and apply those in the wild! Any one of those PDF pairs can be used to break subversion repositories as found out by WebKit, i.e. unless the admins took special SHA-1 collision precautions.
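The mechanism Marc describes above, as an added illustration that is not code from this thread or from sha1collisiondetection: SHA-1 is a Merkle-Damgard hash, so after absorbing a block-aligned prefix the only things it carries forward are a 20-byte chaining value and the byte count. Two different 320-byte prefixes (5 blocks) that reach the same chaining value therefore collide again for every suffix appended to both. The pure-Python SHA-1 below exposes that chaining value explicitly; the prefix and suffixes are constructed stand-ins, since the real SHAttered PDFs are not reproduced here, and the function names are this example's own.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block):
    """One Merkle-Damgard step: (5-word chaining value, 64-byte block) -> new chaining value."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK) + e + k + w[i]) & MASK
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def absorb(state, data):
    """Feed whole 64-byte blocks into the chaining value. The prefix bytes themselves
    are forgotten afterwards; only the returned state and the length matter."""
    if len(data) % 64:
        raise ValueError("absorb() needs block-aligned data (multiple of 64 bytes)")
    for off in range(0, len(data), 64):
        state = sha1_compress(state, data[off:off + 64])
    return state


def sha1_from_state(state, consumed_len, suffix):
    """Finish SHA-1 from a known chaining value. consumed_len is the number of bytes
    already absorbed; it feeds the length field in the padding."""
    total = consumed_len + len(suffix)
    pad = b"\x80" + b"\x00" * ((55 - total) % 64) + struct.pack(">Q", total * 8)
    return struct.pack(">5I", *absorb(state, suffix + pad))


def sha1(data):
    """Plain SHA-1 of data, for cross-checking against hashlib."""
    return sha1_from_state(IV, 0, data)


def digest_via_chaining_value(prefix, suffix):
    """Hash prefix||suffix in two stages and return (chaining_value, digest).
    Every prefix that reaches the same chaining value yields the same digest
    for this suffix, which is why one 320-byte prefix collision extends to
    arbitrarily many colliding file pairs."""
    cv = absorb(IV, prefix)
    return cv, sha1_from_state(cv, len(prefix), suffix)


def two_stage_matches_hashlib(prefix, suffix):
    """True if the split computation agrees with the reference implementation."""
    return digest_via_chaining_value(prefix, suffix)[1] == hashlib.sha1(prefix + suffix).digest()


if __name__ == "__main__":
    # Constructed 320-byte stand-in for a PDF header prefix (5 SHA-1 blocks), not the real one.
    prefix = (b"%PDF-1.3\n%\xe2\xe3\xcf\xd3\n" * 32)[:320]
    cv, _ = digest_via_chaining_value(prefix, b"")
    print("chaining value after 320 bytes:", "".join(f"{x:08x}" for x in cv))
    # Any suffix continued from that value produces a digest shared by every prefix
    # that reaches the same chaining value (constructed suffixes, not real PDF bodies).
    for suffix in (b"<< /Type /Catalog >>", b"stream\nBT (good) Tj ET\nendstream", b"%%EOF\n"):
        print(sha1_from_state(cv, 320, suffix).hex(), "==", hashlib.sha1(prefix + suffix).hexdigest())
```

The sha1collisiondetection library sits exactly at this seam: it does not merely recompute the digest but watches for the disturbance vectors a collision-producing block pair leaves in the compression function, which is why it can flag a forged file pair built on the shared prefix even though the final digests are identical.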

Thanks for the info Marc! Now this is starting to make more sense to me