maandag 6 maart 2017

Eat more hashes :)

So, with all the buzz around sha1 being collided lately.
I've been thinking a bit about the use of hashes and whether it is actually appropriate to use at all for interactive things like PDF files.

And my conclusion is nah, neh, nope. Although It's all about context.

Anyhow to proof a tiny point, here's proof of concept.

2 executables with the same SHA-1 & MD5 sum.

To test:

  1.  Download the poc file on any windows machine.
  2.  Unzip with 7zip
  3.  Run both executable
  4.  Verify with a tool of your choice that the SHA-1 & MD5 checksums correspond.
    (The machine does not need an internet connection)
One of the binaries will print "Evil" while the other will print "Liev" (a Dutch word for nice/cute)



Figuring out how this works.. is an exercise for the reader :)



Please be very cautious about using hashes/checksums and think about what purpose you are using them for.

11 opmerkingen:

  1. Unpacking with 7zip onto a network drive (actually a VirtualBox shared folder) and executing gives "Evil" for both files.

    Unpacking with KDE Ark 16.12.2 and then copying it to the NTFS drive of the Win 7 VM gives "I will not reveal my secrets to you" for both files.

    Has anyone tried unpacking onto a FAT32 filesystem? I'm about to go to bed and too lazy right now to get out a pendrive.

    BeantwoordenVerwijderen
  2. isn't the correct spelling lief, not liev?

    BeantwoordenVerwijderen
  3. Thank you! That was a fun challenge? Should I share the results?

    BeantwoordenVerwijderen
  4. https://medium.com/@dalmoz/a-collision-too-perfect-279a47fb5d42

    BeantwoordenVerwijderen