[openssl-users] Rejecting SHA-1 certificates

Michael Sierchio kudzu at tenebras.com
Mon Jul 10 19:07:42 UTC 2017

On Mon, Jul 10, 2017 at 10:22 AM, Viktor Dukhovni <
openssl-users at dukhovni.org> wrote:

> > On Jul 10, 2017, at 1:12 PM, Niklas Keller <me at kelunik.com> wrote:
> >
> > It's very well worth the effort, otherwise there's a security issue,
> because certificates can be forged.
> Collision attacks don't directly lead to certificate forgery.  There are
> no known 2nd-preimage attacks on SHA-1.

I'm pretty sure, but are you saying you would rather wait for a
demonstration of the weakness being turned into a practical attack?

Second pre-image attacks against reduced SHA-1 have been demonstrated. It's
only a matter of time before second pre-image resistance for full SHA-1 is
dead and buried.

"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170710/04b7d433/attachment.html>

More information about the openssl-users mailing list