
I understand the theoretical problem with hash collision but when it comes to prac


Question

I understand the theoretical problem with hash collision but when it comes to practice, I get very confused.

Suppose an attacker would like to forge a certificate (or any kind of structured file) using hash collisions. I wonder how it is possible to find a collision (already unlikely) and moreover, this collision is "found" from relevant structured input bytes (dates, common name, DNS attacker).

It sounds very strange to me. I can't understand how one can find a hash collision which helps as an attack; I can only think of random raw bytes which could generate the same hash, but they would not be parsed (e.g. an x509 certificate hash collision found by an attacker, but the malicious x509 content is random bytes not understandable by the browser).

Hopefully, someone will understand my reflexion.

Explanation / Answer

As indicated, SHA-1 is not broken in the sense that practical attacks apply (as of 2014-12-06). So until practical attacks become feasible it is unclear against what scenarios they can be mounted.

Probably the best thing to do is to have a look at what is happening with MD5. It is likely - but not certain - that attacks on SHA-1 would have largely the same characteristics. The early signs seem to point to a strong similarity in attacks. This is to be expected as the internal structure of the hash functions has many similarities as well.