SECCON 2017 Online CTF: SHA-1 is dead
problem
submit files such that:
- SHA1(file1) $=$ SHA1(file2)
- SHA256(file1) $\ne$ SHA256(file2)
- $2017$KiB $\lt$ file1, file2 $\lt$ $2018$KiB
You should take care the difference between KB
and KiB
. I’ve mistaken this and been confused.
solution
Hash functions having the Merkle-Damgard structure have the following property: $H(a) = H(b) \land \mathrm{length}(a) = \mathrm{length}(b)$ implies $\forall c. H(a \oplus c) = H(b \oplus c). So you can get a desired pair with simply padding the pair, shattered.
$ { cat shattered-1.pdf ; yes | head -c 1643485 } > file-1.pdf
$ { cat shattered-2.pdf ; yes | head -c 1643485 } > file-2.pdf