[Cryptography] Google announces concrete SHA-1 collision

Patrick Chkoreff patrick at rayservers.net
Thu Feb 23 11:37:01 EST 2017


Derek Atkins wrote on 02/23/2017 10:55 AM:
> Hi,
> 
> Just just came to my attention!  I think this is (hopefully) the final
> nail in the SHA-1 coffin?
> 
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html


It's real:

patrick at laptop:~/Downloads$ ll shattered-*
-rw-rw-r-- 1 patrick patrick 422435 Feb 23 09:02 shattered-1.pdf
-rw-rw-r-- 1 patrick patrick 422435 Feb 23 09:03 shattered-2.pdf

patrick at laptop:~/Downloads$ cmp shattered-1.pdf shattered-2.pdf
shattered-1.pdf shattered-2.pdf differ: byte 193, line 8

patrick at laptop:~/Downloads$ gpg --print-md sha1 shattered-1.pdf
shattered-1.pdf: 3876 2CF7 F559 34B3 4D17  9AE6 A4C8 0CAD CCBB 7F0A

patrick at laptop:~/Downloads$ gpg --print-md sha1 shattered-2.pdf
shattered-2.pdf: 3876 2CF7 F559 34B3 4D17  9AE6 A4C8 0CAD CCBB 7F0A


-- Patrick

P.S. Naturally sha256 isn't fooled:

patrick at laptop:~/Downloads$ gpg --print-md sha256 shattered-1.pdf
shattered-1.pdf: 2BB787A7 3E37352F 92383ABE 7E290293 6D1059AD 9F1BA6DA
AA9C1E58
                 EE6970D0
patrick at laptop:~/Downloads$ gpg --print-md sha256 shattered-2.pdf
shattered-2.pdf: D4488775 D29BDEF7 993367D5 41064DBD DA50D383 F89F0AA1
3A6FF2E0
                 894BA5FF



More information about the cryptography mailing list