SHAttered – Why you shouldn’t use SHA1 anymore

SHA1 is a well-known hash algorithm, used for example to verify that a downloaded file is really the file you wanted and has not been compromised.
With the newly discovered attack "SHAttered" it is possible to create two PDFs (that have different content) with the same SHA1 hash value. You can find the respective script by nneonneo on GitHub: https://github.com/nneonneo/sha1collider

In this example we have two sale contracts for a house, one with a sale price of 1.000000$ and the other one with 1$:

Of course these two files have different SHA1 hashes:

Now we start our script:

It creates two new files: out-contract1.pdf and out-contract2.pdf. They still have the same content as before, but now also the same SHA1 hash value:

Well, this script only handles PDF files that have the same page size and page count. But it shows impressively that you shouldn't trust, and especially shouldn't use, SHA1 anymore.
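To check files like out-contract1.pdf and out-contract2.pdf yourself, the following added example (not part of the original post and not code from sha1collider) reports files that share a SHA-1 digest while their SHA-256 digests differ. The `weak` and `strong` parameters are hypothetical hooks introduced here so that the logic can be exercised without real colliding files.

```python
import hashlib
import sys
from collections import defaultdict


def file_digest(path, algorithm, chunk_size=1 << 16):
    """Hash a file in chunks so large PDFs need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_collisions(paths, weak=None, strong=None):
    """Map each weak digest shared by files with different content to those files.

    weak/strong are callables path -> digest string (hypothetical hooks, an
    assumption of this example); the defaults are SHA-1 and SHA-256.
    """
    weak = weak or (lambda p: file_digest(p, "sha1"))
    strong = strong or (lambda p: file_digest(p, "sha256"))
    groups = defaultdict(lambda: defaultdict(list))
    for path in paths:
        groups[weak(path)][strong(path)].append(path)
    # Several strong digests under one weak digest: same weak hash, different bytes.
    return {
        w: sorted(p for same in by_strong.values() for p in same)
        for w, by_strong in groups.items()
        if len(by_strong) > 1
    }


if __name__ == "__main__":
    # Usage: python check_collisions.py out-contract1.pdf out-contract2.pdf
    hits = find_collisions(sys.argv[1:])
    for digest, files in hits.items():
        print(f"SHA-1 {digest} is shared by files with different SHA-256:")
        for f in files:
            print(f"  {file_digest(f, 'sha256')}  {f}")
    sys.exit(1 if hits else 0)
```

Identical copies of one file are not reported, because they also agree on SHA-256; only files with different bytes under one SHA-1 digest are flagged.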
