From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <8D987F97-4760-4243-A9E7-F2F3BA9C63E3@bitblocks.com> References: <8D987F97-4760-4243-A9E7-F2F3BA9C63E3@bitblocks.com> From: Jules Merit Date: Sun, 26 Feb 2017 09:30:55 -0800 Message-ID: To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: multipart/alternative; boundary=001a1136faf04a71d3054972536d Subject: Re: [9fans] SHA-1 collision and venti Topicbox-Message-UUID: b5772990-ead9-11e9-9d60-3106f5b1d025 --001a1136faf04a71d3054972536d Content-Type: text/plain; charset=UTF-8 there is a backdoor when a score of 4, what data produces it i have no idea. On Sun, Feb 26, 2017 at 9:25 AM, Bakul Shah wrote: > https://arstechnica.com/security/2017/02/watershed- > sha1-collision-just-broke-the-webkit-repository-others-may-follow/ > > https://shattered.io/static/shattered.pdf > > Venti is similarly corruptible, right? Since the checksum is over just the > content. If you downloaded https://shattered.io/static/shattered-1.pdf > and > https://shattered.io/static/shattered-2.pdf, venti would lose the > contents of one. > --001a1136faf04a71d3054972536d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
there is a backdoor when a score of 4, what data produces = it i have no idea.

On Sun, Feb 26, 2017 at 9:25 AM, Bakul Shah <bakul@bitblocks.com<= /a>> wrote:
<= a href=3D"https://arstechnica.com/security/2017/02/watershed-sha1-collision= -just-broke-the-webkit-repository-others-may-follow/" target=3D"_blank">htt= ps://arstechnica.com/security/2017/02/watershed-sha1-collision-ju= st-broke-the-webkit-repository-others-may-follow/

https://shattered.io/static/shattered.pdf
=
Venti is similarly corruptible, right? Since the checksum is= over just the content. If you downloaded=C2=A0https://shattered.io/sta= tic/shattered-1.pdf=C2=A0and=C2=A0https://shattered.io/static/= shattered-2.pdf, venti would lose the contents of one.

--001a1136faf04a71d3054972536d--