[dns-operations] SHA-1 chosen-prefix collisions

Tony Finch dot at dotat.at
Fri Jan 10 15:51:53 UTC 2020


Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> The longer suffix could for now rule out misuse of TXT records since
> each <character-string> chunk of a TXT record is at most 255 bytes.

I've updated my article to account for this. An attacker can add a fixed
trailer of 255 zero bytes after the collision blocks to deal with
substring lengths. The first part of the trailer uses up any remaining
space in the last substring of the collision blocks, and the rest of the
trailer is interpreted as zero-length substrings up to the end of the TXT
record. Length bytes inside the collision blocks can be any old mush.

https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Gibraltar Point to North Foreland: Northwesterly 4 or 5, backing southerly or
southwesterly 5 to 7, perhaps gale 8 later. Slight or moderate, smooth in
Thames estuary. Mainly fair. Good.
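Added example, not part of the original message: a minimal TXT RDATA parser following the RFC 1035 length-prefixed <character-string> layout, used to check on constructed random bytes that appending 255 zero bytes always yields well-formed RDATA. The function names and the random "blocks" are assumptions made for illustration.

```python
import random

TRAILER = bytes(255)  # the fixed trailer of 255 zero bytes described in the message


def parse_txt_rdata(rdata: bytes) -> list:
    """Split TXT RDATA into <character-string> chunks: 1 length byte, then that many bytes."""
    chunks, pos = [], 0
    while pos < len(rdata):
        length = rdata[pos]
        end = pos + 1 + length
        if end > len(rdata):
            raise ValueError(f"chunk at offset {pos} claims {length} bytes, overruns RDATA")
        chunks.append(rdata[pos + 1:end])
        pos = end
    return chunks


def parses_cleanly(rdata: bytes) -> bool:
    try:
        parse_txt_rdata(rdata)
        return True
    except ValueError:
        return False


def survey(trials: int = 2000, seed: int = 1) -> tuple:
    """Count well-formed results for constructed random blocks, bare and with the trailer."""
    rng = random.Random(seed)
    bare_ok = padded_ok = 0
    for _ in range(trials):
        # Constructed stand-in for opaque blocks whose length bytes are arbitrary.
        blocks = bytes(rng.getrandbits(8) for _ in range(rng.randint(1, 640)))
        bare_ok += parses_cleanly(blocks)
        padded_ok += parses_cleanly(blocks + TRAILER)
    return bare_ok, padded_ok, trials


if __name__ == "__main__":
    bare_ok, padded_ok, trials = survey()
    print(f"well-formed without trailer: {bare_ok}/{trials}")
    print(f"well-formed with trailer:    {padded_ok}/{trials}")
    # Worst case: the final byte of the blocks is a length byte of 255.
    print(len(parse_txt_rdata(b"\xff" + TRAILER)), "chunk(s) when last byte is 0xff")
```

The last chunk that starts inside the blocks can claim at most 255 bytes, so it always ends inside the trailer; every remaining zero byte is then read as an empty chunk. A validator therefore cannot rely on the 255-byte chunk limit alone to reject such records.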


