undefined | Better HN

0 pointsnneonneo6y ago0 comments

The confusing thing is that the team behind SHAttered did choose a prefix - they just had to choose a common prefix rather than two different prefixes (choosing a common prefix simply changes the initial state used by SHA-1). So I'm hoping that my post clarifies this point a bit.

The SHAttered attack (classical collision) can be used in practice - for example, my project https://github.com/nneonneo/sha1collider exploits their collision to turn any two PDFs into documents with identical SHA-1 hashes.

0 comments

2 comments · 1 top-level

gowld6y ago· 1 in thread

Is any practical application safe from Shattered but not Shambles?

saagarjha6y ago

Applications which don't accept the specific Shattered PDF prefix given there. In general Shattered could work for e.g. ELF executables with the same prefix, but the attack here lets you collide the hashes even if the prefixes are different.

j / k navigate · click thread line to collapse