SHA1 is a well-known hash algorithm, e.g. for verifying that a downloaded file is really the file you wanted without being compromised.
With the new discovered attack „SHAttered“ it is able to create two PDFs (that have different content) with the same SHA1 hash value. You can find the respective script by nneonneo on GitHub: https://github.com/nneonneo/sha1collider
In this example we have a sale contract of a house, one with a sale price of 1.000000$ and the other one with 1$:
Of course these two files have different SHA1 hashes:
Now we start our script:
It creates to new files: out-contract1.pdf and out-contract2.pdf. They still have the same content as before, but now also the same SHA1 hash value:
Well, this script just handles PDF files that have the same page size and page count. But it shows very impressive that you shouldn’t trust and especially not use SHA1 anymore.