Techly NewsGet the app

Get the latest tech news

Malicious SHA-1 (2014)


TL;DR: If the four 32-bit constants of SHA-1 can be modified, then exploitable collisions can be constructed. No need to panic, this doesn’t affect the original SHA-1.

Furthermore, we present polyglot malicious SHA-1 instances, that is, for which the designer can create colliding files of different types with arbitrary content (for example: any two MBR’s, any two RAR archives, and any two shell scripts) Our basic idea to exploit our generator of malicious SHA-1’s is depicted below, where the message block M x instructs the processor unit (archive extractor, image viewer, CPU, command interpreter, etc.) The constraints prevent us from finding colliding binaries for the common operating systems: PE (Windows), ELF (Linux), Mach-O (Mac).

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Malicious SHA-1

Malicious SHA-1