
The Second SHA-1 Hash Collision - fulldecent2
https://privacylog.blogspot.com/2019/12/the-second-sha-collision.html
======
vbitz
This is just the first 320 bytes of the original shattered. They just cut off
the rest of the PDF data.

~~~
SpicyLemonZest
Does that... work? I guess so, but why does it work?

~~~
tedunangst
Once the two sha1 states are synchronized, after the first 320 bytes, they
will remain in sync as long as you extend them with the same data. (BTW This
is why hmac exists, to prevent extension attacks.)

------
jacquesm
Interesting how 'privacy log' includes 'google', 'twitter', 'facebook' and -
strangely - 'paypal' 3rd party bits & pieces.

Authors home page is here: [https://phor.net/](https://phor.net/)

------
latchkey
For those who are curious, here is a screenshot of `vbindiff shat-a.bin
shat-b.bin` output in my terminal:

[https://imgur.com/a/uZttSbD](https://imgur.com/a/uZttSbD)

------
elgfare
This has frustratingly little information about how it was done.

~~~
tedunangst
Truncate the original files to the differing blocks. Tada.

~~~
ummonk
Oh of course. So any of us could generate "new" hash collisions by adding new
identical blocks to these...

------
kfrzcode
Won't be the last. Would appreciate a longer writeup but I'm sure we'll see
more.

First one, for reference: [https://shattered.it/](https://shattered.it/)

[https://www.schneier.com/blog/archives/2012/10/when_will_we_...](https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html)

------
joshspankit
It doesn’t get mentioned enough: this is with the exact same filesize. Most
collision mitigations (such as git’s) revolve around using hash combined with
filesize as a collision is inevitable, but a collision _with the same
filesize_ is __much __harder.

------
clement_b
This is great, but it's a bit like an endangered animal giving birth in a zoo.

Has anyone seen a collision happening in the wild? What's the likelihood? Vs
UUID?

~~~
bawolff
Asking the liklihood is kind of the wrong question.

The problem with sha-1 is the possibility that a malicious person could
intentionally make two files with the same hash (in order to do evil). The
probability of this happening if someone decides to do it and has sufficient
resources to pull it off, is 1. The probability of it happening accidentally
hasn't changed and is so small it might as well be 0.

~~~
clement_b
Makes sense! Thanks for explaining

------
hurricanetc
Make sure to like, tweet, and FB comment on this... privacy blog.

------
Trias11
Every hash function is guaranteed to have infinite number of collisions.

~~~
bawolff
Every lottery is garunteed to have a winner. Doesnt mean i wouldnt be excited
if i won the jackpot

~~~
nikbackm
Depends on the lottery, sometimes there is no one getting all the numbers
correct so the prize money accumulates to the next round.

------
fulldecent2
Now 1000x smaller than the original Shattered attack from Google! And 1000000x
less expensive!!! Buy now

