
2 certs, different public key, same SHA1 hash?

Question asked by jweiler on Sep 10, 2016
Latest reply on Sep 15, 2016 by Rob Moss

To take advantage of the SHA1 weakness in a practical way, it seems that you would have to be able to create two certificates that have different public keys but the same hash value, in order to impersonate the original certificate for a URL and be able to set up a TLS connection for the original URL and successfully decrypt the traffic. I haven't found any SHA1 collision discussion that indicates that anything like this has been demonstrated. The examples of different documents with the same hash value seem to be different in ways (e.g. extra characters at the end of a file) that would not result in a useful forged certificate. Is the creation of 2 certs with different public keys and the same SHA1 hash possible? Is there any property of SHA1 hash collisions that would prevent this? If not, is it just a matter of computing power to create a forged SHA1 cert that would work in a TLS connection?
