maandag 6 maart 2017

Eat more hashes :)

So, with all the buzz around sha1 being collided lately.
I've been thinking a bit about the use of hashes and whether it is actually appropriate to use at all for interactive things like PDF files.

And my conclusion is nah, neh, nope. Although It's all about context.

Anyhow to proof a tiny point, here's proof of concept.

2 executables with the same SHA-1 & MD5 sum.

To test:

  1.  Download the poc file on any windows machine.
  2.  Unzip with 7zip
  3.  Run both executable
  4.  Verify with a tool of your choice that the SHA-1 & MD5 checksums correspond.
    (The machine does not need an internet connection)
One of the binaries will print "Evil" while the other will print "Liev" (a Dutch word for nice/cute)



Figuring out how this works.. is an exercise for the reader :)



Please be very cautious about using hashes/checksums and think about what purpose you are using them for.