First SHA-1 collision in history

As of this week, SHA-1 is officially broken. These two distinct files have identical SHA-1 hashes:
shattered.it/static/shattered-1.pdf
shattered.it/static/shattered-2.pdf

If you still use SHA-1 for SSH key exchange (which is the default) or password hashing, you're going to get fucked by the NSA/Russians.

>Not understanding cryptography
>2017
Are you baiting or what?

>If you still use SHA-1 for SSH key exchange (which is the default) or password hashing, you're going to get fucked by the NSA/Russians.
You don't understand the nature of this attack at all

Those 2 PDFs are the only two distinct pieces of data publicly known to mankind which have identical SHA-1 hashes. If you don't understand how significant that is, fuck off back to .

>tfw still using md5
>tfw made the mistake of rolling your own encryption using primitive triple generation

>they can change the color of your documents, how scary!

I wonder how I will protect myself against criminals swapping my documents for others with the exact same content but different colors. I'm finished now!

you know the NSA can break TLS by mailing a fucking letter right?

At this point it's reasonable to expect that all hashing algorithms will experience collisions. The question to ask is not if but rather when.

What's wrong with md5?

>These two distinct files have identical SHA-1 hashes:
You can make your own PDF files with same SHA-1 hash:
alf DOT nu/SHA1
or google sha1 collider
Sup Forums spam filter is full of shit

You know they published a generator which allows you to make colliding PDF files?

Is this a joke?

I meant as a way to confirm file integrity.

tfw people still use SHA-256 for file hashes, even though SHA-512 is actually faster

That's literally what collision attack is ya dingus, you can make a modified file have the same hash as the original. In practice you can use md5 for checking download corruption, but not for anything that requires actual security.

Depends on the size of the file. SHA-512 is only faster for files larger than 2GB

File size?

> you can make a modified file have the same hash as the original.
But it can't be just *any* arbitrary modification. Finding a colliding hash is difficult enough, and requires way more processing power than anybody on Sup Forums has access to.
But finding a colliding hash that *also* contains malware with specific behavior? That's basically not going to happen.

Not necessarily. Imagine a distribution ISO which is a couple of gigs in size. You can insert malware and add enough (megabytes, perhaps even a hundred megabytes of) specific junk for the collision to occur and most people wouldn't notice unless they specifically checked (for example it could easily fool a script that just checks the md5 hash). Even worse, you could remove a hundred megabytes and insert collision data so that the file doesn't change size at all.
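The mechanism behind the two posts above (a modified file keeping the same hash, and "junk" collision data followed by arbitrary identical content) is a property of SHA-1's block chaining, not of the specific PDFs. The following is an added example, not code from the thread or from the SHAttered project: a small pure-Python SHA-1 whose chaining state can be inspected, and a check showing that two prefixes collide under SHA-1 for every common suffix exactly when they reach the same internal state. The 192-byte common header followed by two differing 128-byte regions mirrors the published layout of the SHAttered files, but the bytes here are constructed and do not actually collide; producing prefixes that do is the expensive part of the attack. The point for a defender is that once a SHA-1 match is no longer evidence of integrity against an adversary, the check has to move to SHA-256 or better, which the example confirms still separates the two inputs.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
# SHA-1 initial chaining value (FIPS 180-4).
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(state, block):
    """One Merkle-Damgard step: absorb a 64-byte block into the 5-word state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | ((~b & MASK32) & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + f + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def sha1_state_after(prefix):
    """Chaining state after absorbing a prefix that is a whole number of blocks."""
    if len(prefix) % 64:
        raise ValueError("prefix must be a multiple of 64 bytes")
    state = SHA1_IV
    for off in range(0, len(prefix), 64):
        state = sha1_compress(state, prefix[off:off + 64])
    return state


def sha1_finish(state, suffix, total_len):
    """Absorb the suffix plus standard padding and return the hex digest."""
    msg = suffix + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack(">Q", total_len * 8)  # bit length of the whole message
    for off in range(0, len(msg), 64):
        state = sha1_compress(state, msg[off:off + 64])
    return "".join(f"{v:08x}" for v in state)


def sha1_via_prefix_state(prefix, suffix):
    """SHA-1 of prefix+suffix, computed by resuming from the prefix's state."""
    return sha1_finish(sha1_state_after(prefix), suffix, len(prefix) + len(suffix))


def collision_survives_suffix(prefix_a, prefix_b):
    """True iff SHA-1(prefix_a + s) == SHA-1(prefix_b + s) for every suffix s.

    Because SHA-1 chains state block by block, the two prefixes collide for all
    common suffixes exactly when they reach the same internal state. That is why
    a colliding block pair can be followed by arbitrary identical payload (the
    rest of a PDF, the rest of an ISO) without disturbing the collision.
    """
    return sha1_state_after(prefix_a) == sha1_state_after(prefix_b)


# Constructed sample inputs (NOT real colliding blocks): two 320-byte prefixes
# sharing their first 192 bytes and differing in the next 128, followed by a
# common "document body".
COMMON_HEADER = b"%PDF-1.3 (constructed prefix) ".ljust(192, b"\x00")
PREFIX_A = COMMON_HEADER + bytes([0xA5]) * 128
PREFIX_B = COMMON_HEADER + bytes([0x5A]) * 128
BODY = b"identical trailing content, e.g. the rest of a PDF\n" * 40


def demo():
    """Returns (impl matches hashlib, SHA-1 states collide, SHA-256 digests equal)."""
    matches = all(
        sha1_via_prefix_state(p, BODY) == hashlib.sha1(p + BODY).hexdigest()
        for p in (PREFIX_A, PREFIX_B)
    )
    collide = collision_survives_suffix(PREFIX_A, PREFIX_B)
    same256 = (hashlib.sha256(PREFIX_A + BODY).digest()
               == hashlib.sha256(PREFIX_B + BODY).digest())
    return matches, collide, same256


if __name__ == "__main__":
    print(demo())  # constructed prefixes do not collide: (True, False, False)
```

For the real shattered-1.pdf and shattered-2.pdf, feeding their first 320 bytes to `collision_survives_suffix` would return True, and the script that "just checks the md5/sha1 hash" from the post above is fooled for any identical tail; a script comparing SHA-256 is not.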

Of course this is pretty far off and not something a lot of people should be concerned about, but we do live in a world where there's a mini processor inside of your processor that enables nsa to hack in remotely and gain Ring -3 access to your PC so maybe not even that far off.

I wonder if NSA agents are enjoying me watching Allo Allo for the 10th time.

I just hope they don't see the pictures of my tits to be honest.

You might not care. But people in authoritarian regimes which are severely limited in their freedoms do.

imagine actually thinking that the US is an ~authoritarian regime~
get a grip

Yeah ?
I live in Russia.

Do you still think that ?

There is a reason there's a saying

>Dead as the russian democracy
or economy

Same file sizes, 68899 bytes.

It's not significant, though? SHA-1 never claimed to be 100% unique, it's just absurdly rare that there'd be a clash. In practice, there's no way to make use of this as an attack vector with modern processing power.

sha3sum has been the adopted standard for quite a while, and you'd know it if you weren't a bunch of basement dwellers

the only funny thing of sha1ttered is that you can break git in new ways

No, it's always faster, as long as you're on a 64 bit system.
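The SHA-256 versus SHA-512 speed dispute in the thread is easy to settle on a given machine rather than argued in the abstract. The following is an added micro-benchmark, not code from any poster: it times `hashlib` over an in-memory buffer (constructed zero bytes; content does not affect speed) so the file size claim and the 64-bit claim can be checked directly, with the buffer size as a parameter.

```python
import hashlib
import time


def hash_throughput(algo, size=64 * 1024 * 1024, repeats=3):
    """Best-of-`repeats` throughput in MB/s for hashlib `algo` over `size` bytes."""
    buf = b"\x00" * size  # constructed input; byte values do not change hash speed
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        hashlib.new(algo, buf).digest()
        best = min(best, time.perf_counter() - t0)
    return size / best / 1e6


def compare(size=64 * 1024 * 1024):
    """Returns {algo: MB/s} for sha256 and sha512 on this machine."""
    return {a: hash_throughput(a, size) for a in ("sha256", "sha512")}


if __name__ == "__main__":
    for algo, rate in compare().items():
        print(f"{algo}: {rate:.0f} MB/s")
```

On a plain 64-bit CPU SHA-512 usually wins per byte because it processes 128-byte blocks with 64-bit operations, and that advantage does not depend on the input being over 2GB; on CPUs whose SHA extensions accelerate SHA-256 in hardware, the ordering can flip, which is why measuring beats assuming.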