[Cryptography] Sony finding SHA1 collisions?

Jerry Leichter leichter at lrw.com
Fri Dec 12 13:31:58 EST 2014

On Dec 12, 2014, at 8:34 AM, Benjamin Kreuter <brk7bx at virginia.edu> wrote:
> This article seems to be saying that Sony has been using SHA1 collisions
> to attack BitTorrent:
> http://arstechnica.com/tech-policy/2014/12/sony-fights-spread-of-stolen-data-by-using-bad-seed-attack-on-torrents/?q=1
It doesn't actually say that - in fact, in what might be a later edit, it says the opposite:   "[The SHA1 signature is in the metadata provided with the seed, not a result of a file that causes a SHA1 "collision" by matching the file's exact hash.]"

I can *claim* any fingerprint function I like in the torrent description.  You have no way to know if the file actually matches the fingerprint until after you've downloaded it - but then you'd know it was bogus as soon as you tried to watch it anyway.

It would be possible to do better by publishing a list of hashes of relatively small segments of the file.  As soon as any segment fails to match its hash, you know you have at least one bad source.  But that makes the torrent description significantly larger.
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141212/a282b4c8/attachment.bin>

More information about the cryptography mailing list