
First SHA-1 collision in history


Thread replies: 26
Thread images: 4

File: Collision-illustrated.png (60KB, 640x348px)
As of this week, SHA-1 is officially broken. These two distinct files have identical SHA-1 hashes:
https://shattered.it/static/shattered-1.pdf
https://shattered.it/static/shattered-2.pdf

If you still use SHA-1 for SSH key exchange (which is the default) or password hashing, you're going to get fucked by the NSA/Russians.
>>
File: 01515_lzCAOHDp2gB_1200x900.jpg (21KB, 350x240px)
>>59125542
>Not understanding cryptography
>2017
Are you baiting or what?
>>
>>59125542
>If you still use SHA-1 for SSH key exchange (which is the default) or password hashing, you're going to get fucked by the NSA/Russians.
You don't understand the nature of this attack at all
>>
Those 2 PDFs are the only two distinct pieces of data publicly known to mankind which have identical SHA-1 hashes. If you don't understand how significant that is, fuck off back to >>>/v/.
>>
File: 1401583740224.jpg (24KB, 276x268px)
>tfw still using md5
>tfw made the mistake of rolling your own encryption using primitive triple generation
>>
>>59125542

>they can change the color of your documents, how scary!

I wonder how I will protect myself against criminals swapping my documents for others with the exact same content but different colors. I'm finished now!
>>
>>59125542
you know the NSA can break TLS by mailing a fucking letter right?
>>
At this point it's reasonable to expect that all hashing algorithms will experience collisions. The question to ask is not if but rather when.
>>
>>59125669
What's wrong with md5?
>>
File: sha1.png (2KB, 303x131px)
>>59125542
>These two distinct files have identical SHA-1 hashes:
You can make your own PDF files with same SHA-1 hash:
alf DOT nu/SHA1
or google sha1 collider
4chan spam filter is full of shit
>>
>>59125644
You know they published a generator which allows you to make colliding PDF files?

>>59128327
Is this a joke?
>>
>>59128414
I meant as a way to confirm file integrity.
>>
tfw people still use SHA-256 for file hashes, even though SHA-512 is actually faster
>>
>>59128443
That's literally what a collision attack is ya dingus, you can make a modified file have the same hash as the original. In practice you can use md5 for checking download corruption, but not for anything that requires actual security.
>>
>>59128504
Depends on the size of the file. Sha-512 is only faster for files larger than 2GB
>>
>>59128399
File size?
>>
>>59129306
> you can make a modified file have the same hash as the original.
But it can't be just *any* arbitrary modification. Finding a colliding hash is difficult enough, and requires way more processing power than anybody on /g/ has access to.
But finding a colliding hash that *also* contains malware with specific behavior? That's basically not going to happen.
>>
>>59129886
Not necessarily. Imagine a distribution iso which is a couple gigs in size. You can insert malware and add enough (megabytes, perhaps even a hundred megabytes) specific junk for the collision to occur and most people wouldn't notice unless they specifically checked (for example it could easily fool a script that just checks md5 hash). Even worse, you could remove a hundred megabytes, and insert collision data so that the file doesn't change size at all.

Of course this is pretty far off and not something a lot of people should be concerned about, but we do live in a world where there's a mini processor inside of your processor that enables nsa to hack in remotely and gain Ring -3 access to your PC so maybe not even that far off.
>>
>>59130360

I wonder if NSA agents are enjoying me watching Allo Allo for the 10th time.

I just hope they don't see the pictures of my tits to be honest.
>>
>>59130442
You might not care. But people in authoritarian regimes which are severely limited in their freedoms do.
>>
>>59131638
imagine actually thinking that the US is an ~authoritarian regime~
get a grip
>>
>>59131638

Yeah ?
I live in Russia.

Do you still think that ?

There is a reason there's a saying

>Dead as the russian democracy
or economy
>>
>>59129740
Same file sizes, 68899 bytes.
>>
>>59125644
It's not significant, though? SHA-1 never claimed to be 100% unique, it's just absurdly rare that there'd be a clash. In practice, there's no way to make use of this as an attack vector with modern processing power.
>>
sha3sum has been the adopted standard for quite a while, and you'd know it if you weren't a bunch of basement dwellers

the only funny thing of sha1ttered is that you can break git in new ways
>>
>>59129672
No, it's always faster, as long as you're on a 64 bit system.
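
Added example (not written by any poster in this thread): the thread argues over the difference between finding any two inputs that collide and matching the hash of one specific existing file. This sketch makes the two searches concrete on a toy hash, SHA-1 truncated to 16 bits, so both finish in well under a second. The truncation width, the function names and the sample inputs are assumptions made for the demo.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption for this demo); real SHA-1 is 160 bits


def toy_hash(data: bytes) -> int:
    """First BITS bits of SHA-1, standing in for a deliberately weak hash."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - BITS)


def message(i: int) -> bytes:
    # Constructed sample inputs; any family of distinct byte strings would do.
    return b"constructed-sample-%d" % i


def find_collision():
    """Birthday search: any two distinct inputs with the same toy digest."""
    seen = {}
    for i in count():
        m = message(i)
        h = toy_hash(m)
        if h in seen:
            return seen[h], m, i + 1  # pair plus number of hashes computed
        seen[h] = m


def find_second_preimage(target: bytes, max_tries: int = 5_000_000):
    """Match the toy digest of one fixed, pre-existing input."""
    want = toy_hash(target)
    for i in range(max_tries):
        m = message(i)
        if m != target and toy_hash(m) == want:
            return m, i + 1
    return None, max_tries


def sha256_differs(a: bytes, b: bytes) -> bool:
    """A second, stronger digest tells a colliding pair apart."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()


if __name__ == "__main__":
    a, b, tries_c = find_collision()
    forged, tries_p = find_second_preimage(b"an existing release file")
    print(f"collision after {tries_c} hashes: {a!r} vs {b!r}")
    print(f"second preimage after {tries_p} hashes: {forged!r}")
    print("SHA-256 tells the colliding pair apart:", sha256_differs(a, b))
```

For an n-bit hash the generic collision search costs on the order of 2^(n/2) hashes and the second-preimage search on the order of 2^n, which is why the hash counts printed by the two functions usually differ by orders of magnitude.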