The SHA-1 Defense

SHA-1 has been officially cracked. So what?

Technically, it probably doesn't mean much. Being able to produce a hash collision doesn't mean that you can produce a meaningful collision. For example if you have a digitally signed contract for $100, you won't be able to produce a contract for $100,000 that has the same signature--at least not yet.

What could be a problem are the legal challenges to SHA-1 based signatures on the basis of "reasonable" doubt. George Ou discuses these kinds of challenges and points to the MD5 defense:

A Sydney Magistrate threw out the digitally time stamped photos in a speeding ticket case because the Roads and Traffic authority failed to produce an expert to testify that its speed camera images were secure. The motorist's defense lawyer took advantage of the courts ignorance and argued that the MD5 hashing algorithm was a discredited piece of technology and therefore the speeding photos were invalid. Never mind that the defense never proved any actual tampering by the police department or explained how hash collisions in MD5 could possibly be used to fake photographs, it didn't matter because the judge was ignorant and the traffic authority was incompetent in their prosecution of the case. We lock people away for life with photographs and audio recordings all the time that have NO digital signatures but because a piece of police evidence used a less than perfect MD5 hashing algorithm in the digital signature the entire case was thrown out. With SHA-1 being officially cracked by Chinese researchers, the "MD5 defense" just became the MD5/SHA-1 defense.
From » Putting the cracking of SHA-1 in perspective | George Ou |
Referenced Mon Jan 22 2007 16:44:14 GMT-0700 (MST)