Finally a SHA-1 collision. TL;DR: same-prefix collision, don't panic *yet*, but Git better start thinking of SHA-256 and don't trust PDFs.
... of course, if nobody's looking at the hex dump, one of those files might not look malicious when you open it. Hence the PDF trick.
Similarly, you could make two colliding binaries and have them behave differently, but the "evil" code would have to exist in both.
With anything Turing-complete you can probably pull off "subtly malicious". Branch on a bit in the colliding block.
But identical-prefix makes attacking X.509 a lot harder, maybe impossible.