SHA1 Collision

May 16, 2018 11:32 · 112 words · 1 minute read ctf cyber-security hash

Introduction

When I was doing the DEF CON CTF Qualifier last weekend, I came across an interesting question where you need to create two pdf files with the same SHA1 hash.

Research

I know SHA1 hash was already broken when google blogged about creating the first SHA1 collision, but I was not sure that I can reproduce the process with limited hardware.

Result

In the end, I came across this website that is able to generate two PDF files with the same SHA1 hash using two JPG images based on this paper. This helps demonstrate how SHA1 is no longer secure and developers should start using other hashing algorithms such as SHA256

tweet Share