Re: [saag] SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 10 January 2020 01:28 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Watson Ladd <watsonbladd@gmail.com>
CC: Phillip Hallam-Baker <phill@hallambaker.com>, "noloader@gmail.com" <noloader@gmail.com>, IETF SAAG <saag@ietf.org>
Date: Fri, 10 Jan 2020 01:28:41 +0000
Message-ID: <1578619724689.8862@cs.auckland.ac.nz>
References: <A6C5B299-54AE-48E8-98BF-981C85B9D3BE@vigilsec.com> <CAH8yC8=DWfzTw=meTG0_jGDt_qDmw20khR_U1Z0df0R-K0hN6Q@mail.gmail.com> <CAMm+LwisLm78peKYk7N_C1y3f8vjRgOrf9Ut9XwGGZZ-vK5zFA@mail.gmail.com> <1578554217695.69920@cs.auckland.ac.nz>, <CACsn0c=LENQtn_UA0vmr4kk8k-d609Ftxwzf7QKMbKVf_0u9vA@mail.gmail.com>
In-Reply-To: <CACsn0c=LENQtn_UA0vmr4kk8k-d609Ftxwzf7QKMbKVf_0u9vA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/rft642D2XcSR2v3ebzRJ-4eIY6s>
Subject: Re: [saag] SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1

Watson Ladd <watsonbladd@gmail.com> writes:

>Did the attackers succeed? Yes
>Did they need a custom extension? No
>Does the countermeasure work? No
Was the hash function and its weakness practically identical to MD5? No
Did the CA that was attacked randomise serial numbers? No

Again, this is just to understand how to mitigate problems for legacy stuff,
not to try and prolong SHA-1 use indefinitely, but it would be good to
understand where the exact risks for SHA-1 use lie.

Peter.
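The countermeasure the thread keeps returning to is serial-number randomisation: a chosen-prefix collision only helps if the attacker can predict the bytes the CA will sign, and an unpredictable serial sits in the TBSCertificate before any attacker-controlled field. Below is an added example, not code from this thread or from any CA, of the two things an auditor would want: a serial generator meeting the CA/Browser Forum minimum (64 bits of CSPRNG output) and RFC 5280's 20-octet limit, and a heuristic that flags issuers whose serials look like a counter. The function names and the 2**16 gap threshold are my own assumptions.

```python
import secrets
from statistics import median

# CA/Browser Forum Baseline Requirements: >= 64 bits of CSPRNG output, > 0;
# RFC 5280: the DER INTEGER encoding must not exceed 20 content octets.
MIN_ENTROPY_BITS = 64
MAX_DER_OCTETS = 20


def random_serial(nbytes: int = 16) -> int:
    """Draw nbytes from the CSPRNG; clearing the top bit keeps the DER
    INTEGER positive without a leading 0x00 pad octet (16 bytes here
    gives ~127 bits, comfortably above the 64-bit minimum)."""
    value = int.from_bytes(secrets.token_bytes(nbytes), "big")
    return value & ~(1 << (8 * nbytes - 1))


def der_integer_octets(n: int) -> int:
    """Content-octet count of a DER INTEGER for non-negative n; a pad
    octet is needed whenever the top bit of the minimal encoding is set."""
    return (n.bit_length() // 8) + 1


def audit_serials(serials):
    """Heuristic audit over serials issued by one CA (constructed
    thresholds, assumed here): randomised serials are large and widely
    spread, sequential counters are small and tightly packed."""
    s = sorted(serials)
    gaps = [b - a for a, b in zip(s, s[1:])]
    findings = {
        "positive": all(x > 0 for x in s),
        "fits_der": all(der_integer_octets(x) <= MAX_DER_OCTETS for x in s),
        # at least one serial must show the full 64-bit width
        "entropy_ok": max(x.bit_length() for x in s) >= MIN_ENTROPY_BITS,
        # neighbouring serials mostly < 2**16 apart looks like a counter
        "counter_like": bool(gaps) and median(gaps) < 2**16,
    }
    findings["randomised"] = findings["entropy_ok"] and not findings["counter_like"]
    return findings


if __name__ == "__main__":
    # constructed samples: a sequential issuer versus a randomising one
    print(audit_serials(range(0x1000, 0x1100)))
    print(audit_serials([random_serial() for _ in range(100)]))
```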