SHAttered: SHA-1 collisions
I was reading this post about Google generating the first SHA-1 collision is at first glance fine. At first I didn’t think there was anything surprising there. We already know that hashing algorithms will collide. We’ve known that since they were invented. This isn’t news nor is it surprising. However they go on to say stuff like
You could alter the contents of, say, a contract, and make its hash match that of the original. Now you can trick someone into thinking the tampered copy is the original. The hashes are completely the same.
Well … that’s not so easy to do, I thought. Just because you can generate a collision with 2 different pieces of data, it doesn’t mean that those 2 pieces of data resemble each other. For example one could theoretically generate a hash of the Mona Lisa and a hash of Starry Night and find that they are the same but if you’re trying to convince someone that the Mona Lisa is the same as Starry Night you have a long way to go. You really need a way to tamper with the original data, say in this example Mona Lisa, and vary it subtly, say with a little darkening around the eyes, so that on close visual inspection they look identical. Additionally the hashes of the 2 blobs of data, the Mona Lisa and it’s darkened sibling, must be the same. So I was sceptical when I initially read it but it turns out that they’ve managed to come up with a technique that can alter data, at least in some specific cases, so that the copy hashes to the same hash as the original and looks like the original. That is pretty amazing.
Originally published at cat head > /dev/www.