Hacker News new | ask | show | jobs
by NathanaelRea 270 days ago
Wouldn't a sha256 collision be impractical? Like wouldn't it be more compute than the couple grand a security deposit would be? SHAttered was in 2017 with SHA-1 and took 110 years of GPU equivalent compute.

It feels like just a mistake or an error with RightSignature? Like they uploaded the wrong doc, clicked the wrong button, and were confused on their side because the version they meant to send was at the top of the page?
2 comments
CBMPET2001 270 days ago
OP mentions in the article that the draft was uploaded on 9/22/25, so it can't have been a simple mix up where the version with the addendum was the one they had originally intended to have signed, since it didn't exist yet.

If you just mean that they had the second version in their system but never intended to send it at all, then I'm not sure what possible innocent explanation there would be for uploading a newly modified version of an already signed lease that's run its course.

link
NathanaelRea 270 days ago
Ok, that makes sense. I re-read the post. I thought the signed doc checksum was the same for both, but it seems like the certification page is inserted into the actual document, thus breaking your ability to verify the final document checksum? Seems strange that the provider doesn't email the final doc to both parties after signing. Also, kinda weird that they knew it would say uploaded 9/22 and still offered to screen share.
link
Hackbraten 270 days ago
The signed hash matches the original version of the document (sans tenant's signature, sans fraudulent addition). The hash doesn't match any other version of the document.
link
CBMPET2001 270 days ago
I think they're referring to the 'signed checksum' field on the document, and this line from the article

> Interestingly, the certificate page was identical in both documents, including the checksums, despite the content being different.

I think they took this to mean that the signed copy and the copy with the fraudulent addendum both hashed to the same checksum, but I'm not sure that's what was meant; based on the article it's not obvious to me that OP was able to check the signed checksum, though I can't imagine they didn't try. It's the 'original checksum' field that matched the base.pdf clean document without signature or addendum.

link
mjg59 270 days ago
No, the modified copy included the same certificate page simply because it was a modified copy of the PDF with the certificate page. There's no actual way I've determined to verify the signed checksum field.
link
CBMPET2001 270 days ago
Ah, so the 'signed checksum' field isn't actually the checksum of the signed document? How odd . . . but yeah, now that I think about it, they couldn't know the hash of a document before they generate it, but they would need to in order to include it in the document, hence an impossible cycle; they must have overlooked that . . .
link
mjg59 270 days ago
Right, it's the hash of the document before they add the certificate page, but unfortunately there's no easy way to extract that to calculate it
link