On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said: > cost! However this in no way invalidates SHA-1 or documents signed by > SHA-1.
We negotiate a contract with terms favorable to you. You sign it (or more correctly, sign the SHA-1 hash of the document). I then take your signed copy, take out the contract, splice in a different version with terms favorable to me. Since the hash didn't change, your signature on the second document remains valid. I present it in court, and the judge says "you signed it, you're stuck with the terms you signed". I think that would count as "invalidates documents signed by SHA-1", don't you?
pgpOh0RfsKd9Y.pgp
Description: PGP signature
