A hack around “Shattered” SHA1

Dave Stagner
HackerNoon.com
Feb 24, 2017


Stories are starting to roll in about problems that can be caused in existing systems by the “Shattered” PDFs — failed svn commits, and concerns about faking git commits. Here’s an off-the-cuff solution for software implementors who are concerned about the conflict…

Generate two checksums. That’s it.

Here are the SHA1 checksums of shattered-1.pdf and shattered-2.pdf:

38762cf7f55934b34d179ae6a4c80cadccbb7f0a shattered-1.pdf

38762cf7f55934b34d179ae6a4c80cadccbb7f0a shattered-2.pdf

And here are CRC checksums of the same files, generated by cksum:

338397181 422435 shattered-1.pdf

919129914 422435 shattered-2.pdf

The SHA1 checksums may be identical, and the sizes identical, but the CRC checksums are still different. And CRC is computationally cheap. It’s not cryptographically secure, but generating two different files that have both the same SHA1 and the same CRC is that much more difficult.

I don’t know if this is actually useful to anyone, but it’s the first thought I had about how to prevent problems in a practical manner.
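As an added example (not code from the original post), the following Python computes both checksums in a single pass and flags a pair whose SHA1 matches while the CRC or size does not. The CRC is a reimplementation of the POSIX cksum algorithm so that its values line up with the cksum output quoted above; the names `Fingerprint`, `fingerprint` and `compare` are made up for this example.

```python
import hashlib
from typing import BinaryIO, NamedTuple

POLY = 0x04C11DB7  # generator polynomial of the POSIX cksum CRC (MSB-first)

def _table_entry(byte: int) -> int:
    reg = byte << 24
    for _ in range(8):
        reg = ((reg << 1) ^ POLY if reg & 0x80000000 else reg << 1) & 0xFFFFFFFF
    return reg

TABLE = [_table_entry(b) for b in range(256)]

class Fingerprint(NamedTuple):
    sha1: str
    crc: int   # value printed by cksum
    size: int  # byte count printed by cksum

def _step(crc: int, byte: int) -> int:
    return ((crc << 8) & 0xFFFFFFFF) ^ TABLE[(crc >> 24) ^ byte]

def fingerprint(stream: BinaryIO, chunk_size: int = 65536) -> Fingerprint:
    """Compute SHA-1 and the cksum CRC in a single pass over the stream."""
    sha1, crc, size = hashlib.sha1(), 0, 0
    while chunk := stream.read(chunk_size):
        sha1.update(chunk)
        size += len(chunk)
        for byte in chunk:
            crc = _step(crc, byte)
    n = size
    while n:  # cksum also feeds in the length, low byte first, then inverts
        crc, n = _step(crc, n & 0xFF), n >> 8
    return Fingerprint(sha1.hexdigest(), crc ^ 0xFFFFFFFF, size)

def compare(a: Fingerprint, b: Fingerprint) -> str:
    if a == b:
        return "match"
    # Equal SHA-1 with a different CRC or size: not the same bytes.
    return "sha1-collision" if a.sha1 == b.sha1 else "different"

# Constructed from the sha1sum and cksum output quoted in the post.
SHA1 = "38762cf7f55934b34d179ae6a4c80cadccbb7f0a"
SHATTERED_1 = Fingerprint(SHA1, 338397181, 422435)
SHATTERED_2 = Fingerprint(SHA1, 919129914, 422435)

if __name__ == "__main__":
    print(compare(SHATTERED_1, SHATTERED_2))
```

To fingerprint a real file, pass it opened in binary mode, e.g. `fingerprint(open(path, "rb"))`.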
